diff --git a/package/lean/luci-app-nft-qos/Makefile b/package/lean/luci-app-nft-qos/Makefile
new file mode 100644
index 000000000..8349e775f
--- /dev/null
+++ b/package/lean/luci-app-nft-qos/Makefile
@@ -0,0 +1,14 @@
+#
+# Copyright (C) 2008-2014 The LuCI Team <luci@lists.subsignal.org>
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=Qos over Nftables
+LUCI_DEPENDS:=+nft-qos
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/package/lean/luci-app-nft-qos/luasrc/controller/nft-qos.lua b/package/lean/luci-app-nft-qos/luasrc/controller/nft-qos.lua
new file mode 100644
index 000000000..42043505d
--- /dev/null
+++ b/package/lean/luci-app-nft-qos/luasrc/controller/nft-qos.lua
@@ -0,0 +1,51 @@
+-- Copyright 2018 Rosy Song <rosysong@rosinson.com>
+-- Licensed to the public under the Apache License 2.0.
+
+module("luci.controller.nft-qos", package.seeall)
+
+function index()
+	if not nixio.fs.access("/etc/config/nft-qos") then
+		return
+	end
+
+	entry({"admin", "status", "realtime", "rate"},
+		template("nft-qos/rate"), _("Rate"), 5).leaf = true
+	entry({"admin", "status", "realtime", "rate_status"},
+		call("action_rate")).leaf = true
+	entry({"admin", "services", "nft-qos"}, cbi("nft-qos/nft-qos"),
+		_("Qos over Nftables"), 60)
+end
+
+function _action_rate(rv, n)
+	local c = io.popen("nft list chain inet nft-qos-monitor " .. n .. " 2>/dev/null")
+	if c then
+		for l in c:lines() do
+			local _, i, p, b = l:match('^%s+ip ([^%s]+) ([^%s]+) counter packets (%d+) bytes (%d+)')
+			if i and p and b then
+				-- handle expression
+				local r = {
+					rule = {
+					family = "inet",
+					table = "nft-qos-monitor",
+					chain = n,
+					handle = 0,
+					expr = {
+							{ match = { right = i } },
+							{ counter = { packets = p, bytes = b } }
+						}
+					}
+				}
+				rv[#rv + 1] = r
+			end
+		end
+		c:close()
+	end
+end
+
+function action_rate()
+	luci.http.prepare_content("application/json")
+	local data = { nftables = {} }
+	_action_rate(data.nftables, "upload")
+	_action_rate(data.nftables, "download")
+	luci.http.write_json(data)
+end
diff --git a/package/lean/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua b/package/lean/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua
new file mode 100644
index 000000000..61a6d76a7
--- /dev/null
+++ b/package/lean/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua
@@ -0,0 +1,229 @@
+-- Copyright 2018 Rosy Song <rosysong@rosinson.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local uci = require("luci.model.uci").cursor()
+local wa = require("luci.tools.webadmin")
+local fs = require("nixio.fs")
+local ipc = require("luci.ip")
+
+local def_rate_dl = uci:get("nft-qos", "default", "static_rate_dl")
+local def_rate_ul = uci:get("nft-qos", "default", "static_rate_ul")
+local def_unit_dl = uci:get("nft-qos", "default", "static_unit_dl")
+local def_unit_ul = uci:get("nft-qos", "default", "static_unit_ul")
+
+local def_up = uci:get("nft-qos", "default", "dynamic_bw_up")
+local def_down = uci:get("nft-qos", "default", "dynamic_bw_down")
+
+local limit_enable = uci:get("nft-qos", "default", "limit_enable")
+local limit_type = uci:get("nft-qos", "default", "limit_type")
+local enable_priority = uci:get("nft-qos", "default", "priority_enable")
+
+local has_ipv6 = fs.access("/proc/net/ipv6_route")
+
+m = Map("nft-qos", translate("Qos over Nftables"))
+
+--
+-- Taboptions
+--
+s = m:section(TypedSection, "default", translate("NFT-QoS Settings"))
+s.addremove = false
+s.anonymous = true
+
+s:tab("limit", "Limit Rate")
+s:tab("priority", "Traffic Priority")
+
+--
+-- Static
+--
+o = s:taboption("limit", Flag, "limit_enable", translate("Limit Enable"), translate("Enable Limit Rate Feature"))
+o.default = limit_enable or o.enabled
+o.rmempty = false
+
+o = s:taboption("limit", ListValue, "limit_type", translate("Limit Type"), translate("Type of Limit Rate"))
+o.default = limit_static or "static"
+o:depends("limit_enable","1")
+o:value("static", "Static")
+o:value("dynamic", "Dynamic")
+
+o = s:taboption("limit", Value, "static_rate_dl", translate("Default Download Rate"), translate("Default value for download rate"))
+o.datatype = "uinteger"
+o.default = def_rate_dl or '50'
+o:depends("limit_type","static")
+
+o = s:taboption("limit", ListValue, "static_unit_dl", translate("Default Download Unit"), translate("Default unit for download rate"))
+o.default = def_unit_dl or "kbytes"
+o:depends("limit_type","static")
+o:value("bytes", "Bytes/s")
+o:value("kbytes", "KBytes/s")
+o:value("mbytes", "MBytes/s")
+
+o = s:taboption("limit", Value, "static_rate_ul", translate("Default Upload Rate"), translate("Default value for upload rate"))
+o.datatype = "uinteger"
+o.default = def_rate_ul or '50'
+o:depends("limit_type","static")
+
+o = s:taboption("limit", ListValue, "static_unit_ul", translate("Default Upload Unit"), translate("Default unit for upload rate"))
+o.default = def_unit_ul or "kbytes"
+o:depends("limit_type","static")
+o:value("bytes", "Bytes/s")
+o:value("kbytes", "KBytes/s")
+o:value("mbytes", "MBytes/s")
+
+--
+-- Dynamic
+--
+o = s:taboption("limit", Value, "dynamic_bw_down", translate("Download Bandwidth (Mbps)"), translate("Default value for download bandwidth"))
+o.default = def_up or '100'
+o.datatype = "uinteger"
+o:depends("limit_type","dynamic")
+
+o = s:taboption("limit", Value, "dynamic_bw_up", translate("Upload Bandwidth (Mbps)"), translate("Default value for upload bandwidth"))
+o.default = def_down or '100'
+o.datatype = "uinteger"
+o:depends("limit_type","dynamic")
+
+o = s:taboption("limit", Value, "dynamic_cidr", translate("Target Network (IPv4/MASK)"), translate("Network to be apply, e.g. 192.168.1.0/24, 10.2.0.0/16, etc"))
+o.datatype = "cidr4"
+ipc.routes({ family = 4, type = 1 }, function(rt) o.default = rt.dest end)
+o:depends("limit_type","dynamic")
+
+if has_ipv6 then
+	o = s:taboption("limit", Value, "dynamic_cidr6", translate("Target Network6 (IPv6/MASK)"), translate("Network to be apply, e.g. AAAA::BBBB/64, CCCC::1/128, etc"))
+	o.datatype = "cidr6"
+	o:depends("limit_type","dynamic")
+end
+
+o = s:taboption("limit", DynamicList, "limit_whitelist", translate("White List for Limit Rate"))
+o.datatype = "ipaddr"
+o:depends("limit_enable","1")
+
+--
+-- Priority
+--
+o = s:taboption("priority", Flag, "priority_enable", translate("Enable Traffic Priority"), translate("Enable this feature"))
+o.default = enable_priority or o.enabled
+o.rmempty = false
+
+o = s:taboption("priority", ListValue, "priority_netdev", translate("Default Network Interface"), translate("Network Interface for Traffic Shaping, e.g. br-lan, eth0.1, eth0, etc"))
+o:depends("priority_enable", "1")
+wa.cbi_add_networks(o)
+
+--
+-- Static Limit Rate - Download Rate
+--
+if limit_enable == "1" and limit_type == "static" then
+
+x = m:section(TypedSection, "download", translate("Static QoS-Download Rate"))
+x.anonymous = true
+x.addremove = true
+x.template = "cbi/tblsection"
+
+o = x:option(Value, "hostname", translate("Hostname"))
+o.datatype = "hostname"
+o.default = 'undefined'
+
+if has_ipv6 then
+	o = x:option(Value, "ipaddr", translate("IP Address(V4 / V6)"))
+else
+	o = x:option(Value, "ipaddr", translate("IP Address(V4 Only)"))
+end
+o.datatype = "ipaddr"
+if nixio.fs.access("/tmp/dhcp.leases") or nixio.fs.access("/var/dhcp6.leases") then
+	o.titleref = luci.dispatcher.build_url("admin", "status", "overview")
+end
+
+o = x:option(Value, "macaddr", translate("MAC (optional)"))
+o.rmempty = true
+o.datatype = "macaddr"
+
+o = x:option(Value, "rate", translate("Rate"))
+o.default = def_rate_dl or '50'
+o.size = 4
+o.datatype = "uinteger"
+
+o = x:option(ListValue, "unit", translate("Unit"))
+o.default = def_unit_dl or "kbytes"
+o:value("bytes", "Bytes/s")
+o:value("kbytes", "KBytes/s")
+o:value("mbytes", "MBytes/s")
+
+--
+-- Static Limit Rate - Upload Rate
+--
+y = m:section(TypedSection, "upload", translate("Static QoS-Upload Rate"))
+y.anonymous = true
+y.addremove = true
+y.template = "cbi/tblsection"
+
+o = y:option(Value, "hostname", translate("Hostname"))
+o.datatype = "hostname"
+o.default = 'undefined'
+
+if has_ipv6 then
+	o = y:option(Value, "ipaddr", translate("IP Address(V4 / V6)"))
+else
+	o = y:option(Value, "ipaddr", translate("IP Address(V4 Only)"))
+end
+o.datatype = "ipaddr"
+if nixio.fs.access("/tmp/dhcp.leases") or nixio.fs.access("/var/dhcp6.leases") then
+	o.titleref = luci.dispatcher.build_url("admin", "status", "overview")
+end
+
+o = y:option(Value, "macaddr", translate("MAC (optional)"))
+o.rmempty = true
+o.datatype = "macaddr"
+
+o = y:option(Value, "rate", translate("Rate"))
+o.default = def_rate_ul or '50'
+o.size = 4
+o.datatype = "uinteger"
+
+o = y:option(ListValue, "unit", translate("Unit"))
+o.default = def_unit_ul or "kbytes"
+o:value("bytes", "Bytes/s")
+o:value("kbytes", "KBytes/s")
+o:value("mbytes", "MBytes/s")
+
+end
+
+--
+-- Traffic Priority Settings
+--
+if enable_priority == "1" then
+
+s = m:section(TypedSection, "priority", translate("Traffic Priority Settings"))
+s.anonymous = true
+s.addremove = true
+s.template = "cbi/tblsection"
+
+o = s:option(ListValue, "protocol", translate("Protocol"))
+o.default = "tcp"
+o:value("tcp", "TCP")
+o:value("udp", "UDP")
+o:value("udplite", "UDP-Lite")
+o:value("sctp", "SCTP")
+o:value("dccp", "DCCP")
+
+o = s:option(ListValue, "priority", translate("Priority"))
+o.default = "1"
+o:value("-400", "1")
+o:value("-300", "2")
+o:value("-225", "3")
+o:value("-200", "4")
+o:value("-150", "5")
+o:value("-100", "6")
+o:value("0", "7")
+o:value("50", "8")
+o:value("100", "9")
+o:value("225", "10")
+o:value("300", "11")
+
+o = s:option(Value, "service", translate("Service"), translate("e.g. https, 23, (separator is comma)"))
+o.default = '?'
+
+o = s:option(Value, "comment", translate("Comment"))
+o.default = '?'
+
+end
+
+return m
diff --git a/package/lean/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm b/package/lean/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm
new file mode 100644
index 000000000..5f9cb57d2
--- /dev/null
+++ b/package/lean/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm
@@ -0,0 +1,167 @@
+<%#
+ Copyright 2018 Rosy Song <rosysong@rosinson.com>
+ Licensed to the public under the Apache License 2.0.
+-%>
+
+<%+header%>
+
+<script type="text/javascript">//<![CDATA[
+	var bwxhr = new XHR();
+
+	var RC = { };
+	var em = 0;
+	var ec = 1;
+
+	var rate_table_dl;
+	var rate_table_ul;
+
+	function init_bytes(rl, ra) {
+		var bytes_pre;
+		var obj = { };
+		obj.chain = rl.chain;
+		obj.ipaddr = rl.expr[em].match.right;
+		obj.bytes = rl.expr[ec].counter.bytes;
+		obj.packets = rl.expr[ec].counter.packets;
+		obj.rate = 0;
+
+		if (RC[obj.chain] && RC[obj.chain][obj.ipaddr])
+				bytes_pre = RC[obj.chain][obj.ipaddr];
+		else
+				bytes_pre = 0;
+
+		obj.rate = (bytes_pre > 0) ? (obj.bytes - bytes_pre) / 3: 0;
+
+		if (!RC[obj.chain])
+				RC[obj.chain] = { };
+		RC[obj.chain][obj.ipaddr] = obj.bytes;
+
+		if (!ra[obj.chain])
+				ra[obj.chain] = [ ];
+		ra[obj.chain].push(obj);
+	} /* function init_bytes(rl, ra) */
+
+	function bytes_label(bytes) {
+		var uby = '<%:kB%>';
+		var kby = (bytes / 1024);
+
+		if (kby > 1024) {
+			uby = '<%:MB%>';
+			kby = (kby / 1024);
+		}
+
+		return String.format("%f %s", kby.toFixed(2), uby);
+	}
+
+	function print_table(tbl, rs, ra) {
+		ra.sort(function(a, b) { return b.rate - a.rate });
+		for (var i = 0; i < ra.length; i++) {
+			rs.push([
+				ra[i].ipaddr,
+				bytes_label(ra[i].rate) + '/s',
+				bytes_label(ra[i].bytes),
+				'%s Pkts.'.format(ra[i].packets),
+			]);
+		}
+		cbi_update_table(tbl, rs, '<em><%:No information available%></em>');
+	} /* function print_table(tbl, ra) */
+
+	/* wait for SVG */
+	window.setTimeout(
+		function() {
+			if (!RC)
+			{
+				window.setTimeout(arguments.callee, 1000);
+			}
+			else
+			{
+				rate_table_dl     = document.getElementById('rate_table_dl');
+				rate_table_ul     = document.getElementById('rate_table_ul');
+
+				/* render datasets, start update interval */
+				XHR.poll(3, '<%=build_url("admin/status/realtime/rate_status")%>', null,
+					function(x, json)
+					{
+						var RA = {};
+						var rows_dl = [];
+						var rows_ul = [];
+
+						var rules = json.nftables;
+						for (var i = 0; i < rules.length; i++)
+						{
+							if (!rules[i].rule)
+								continue;
+							if (rules[i].rule.table != 'nft-qos-monitor')
+								continue;
+
+							var rl = rules[i].rule;
+							switch (rl.chain)
+							{
+								case 'download':
+								case 'upload': init_bytes(rl, RA); break;
+							}
+						} /* for (var i = 0; i < rules.length; i++) */
+
+						/* display the result */
+						if (RA.download) {
+							while (rate_table_dl.firstElementChild !== rate_table_dl.lastElementChild)
+								rate_table_dl.removeChild(rate_table_dl.lastElementChild);
+							print_table(rate_table_dl, rows_dl, RA.download);
+						}
+						if (RA.upload) {
+							while (rate_table_ul.firstElementChild !== rate_table_ul.lastElementChild)
+								rate_table_ul.removeChild(rate_table_ul.lastElementChild);
+							print_table(rate_table_ul, rows_ul, RA.upload);
+						}
+
+					} /* function(x, json) */
+				); /* XHR.poll() */
+
+				XHR.run();
+			}
+		}, 1000
+	);
+//]]></script>
+
+<h2 name="content"><%:Realtime Rate%></h2>
+
+<div class="cbi-map-descr"><%:This page gives an overview over currently download/upload rate.%></div>
+
+<fieldset class="cbi-section" id="cbi-table-table">
+	<legend><%:Realtime Download Rate%></legend>
+	<div class="cbi-section-node">
+		<div class="table" id="rate_table_dl">
+			<div class="tr table-titles">
+				<div class="th col-2 hide-xs"><%:IP Address%></div>
+				<div class="th col-2"><%:Download Rate%></div>
+				<div class="th col-7"><%:Bytes Total%></div>
+				<div class="th col-7"><%:Packets Total%></div>
+			</div>
+			<div class="tr placeholder">
+				<div class="td">
+					<em><%:Collecting data...%></em>
+				</div>
+			</div>
+		</div>
+	</div>
+</fieldset>
+
+<fieldset class="cbi-section" id="cbi-table-table">
+	<legend><%:Realtime Upload Rate%></legend>
+	<div class="cbi-section-node">
+		<div class="table" id="rate_table_ul">
+			<div class="tr table-titles">
+				<div class="th col-2 hide-xs"><%:IP Address%></div>
+				<div class="th col-2"><%:Upload Rate%></div>
+				<div class="th col-7"><%:Bytes Total%></div>
+				<div class="th col-7"><%:Packets Total%></div>
+			</div>
+			<div class="tr placeholder">
+				<div class="td">
+					<em><%:Collecting data...%></em>
+				</div>
+			</div>
+		</div>
+	</div>
+</fieldset>
+
+<%+footer%>
diff --git a/package/lean/luci-app-nft-qos/po/templates/nft-qos.pot b/package/lean/luci-app-nft-qos/po/templates/nft-qos.pot
new file mode 100644
index 000000000..8fecfa073
--- /dev/null
+++ b/package/lean/luci-app-nft-qos/po/templates/nft-qos.pot
@@ -0,0 +1,230 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:136
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:155
+msgid "Bytes Total"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:141
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:160
+msgid "Collecting data..."
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:224
+msgid "Comment"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:48
+msgid "Default Download Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:53
+msgid "Default Download Unit"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:107
+msgid "Default Network Interface"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:60
+msgid "Default Upload Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:65
+msgid "Default Upload Unit"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:53
+msgid "Default unit for download rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:65
+msgid "Default unit for upload rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:75
+msgid "Default value for download bandwidth"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:48
+msgid "Default value for download rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:80
+msgid "Default value for upload bandwidth"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:60
+msgid "Default value for upload rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:75
+msgid "Download Bandwidth (Mbps)"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:135
+msgid "Download Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:38
+msgid "Enable Limit Rate Feature"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:103
+msgid "Enable Traffic Priority"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:103
+msgid "Enable this feature"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:121
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:158
+msgid "Hostname"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:134
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:153
+msgid "IP Address"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:126
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:163
+msgid "IP Address(V4 / V6)"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:128
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:165
+msgid "IP Address(V4 Only)"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:38
+msgid "Limit Enable"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:42
+msgid "Limit Type"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:135
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:172
+msgid "MAC (optional)"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:48
+msgid "MB"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:28
+msgid "NFT-QoS Settings"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:107
+msgid "Network Interface for Traffic Shaping, e.g. br-lan, eth0.1, eth0, etc"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:85
+msgid "Network to be apply, e.g. 192.168.1.0/24, 10.2.0.0/16, etc"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:91
+msgid "Network to be apply, e.g. AAAA::BBBB/64, CCCC::1/128, etc"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:65
+msgid "No information available"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:137
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:156
+msgid "Packets Total"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:207
+msgid "Priority"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:199
+msgid "Protocol"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/controller/nft-qos.lua:16
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:23
+msgid "Qos over Nftables"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/controller/nft-qos.lua:12
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:139
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:176
+msgid "Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:130
+msgid "Realtime Download Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:125
+msgid "Realtime Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:149
+msgid "Realtime Upload Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:221
+msgid "Service"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:116
+msgid "Static QoS-Download Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:153
+msgid "Static QoS-Upload Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:85
+msgid "Target Network (IPv4/MASK)"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:91
+msgid "Target Network6 (IPv6/MASK)"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:127
+msgid "This page gives an overview over currently download/upload rate."
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:194
+msgid "Traffic Priority Settings"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:42
+msgid "Type of Limit Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:144
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:181
+msgid "Unit"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:80
+msgid "Upload Bandwidth (Mbps)"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:154
+msgid "Upload Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:96
+msgid "White List for Limit Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:221
+msgid "e.g. https, 23, (separator is comma)"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:44
+msgid "kB"
+msgstr ""
diff --git a/package/lean/luci-app-nft-qos/po/zh-cn/nft-qos.po b/package/lean/luci-app-nft-qos/po/zh-cn/nft-qos.po
new file mode 100644
index 000000000..ccddb4892
--- /dev/null
+++ b/package/lean/luci-app-nft-qos/po/zh-cn/nft-qos.po
@@ -0,0 +1,250 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 2.0.3\n"
+"Last-Translator: \n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"Language: zh_CN\n"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:136
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:155
+msgid "Bytes Total"
+msgstr "字节总数"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:141
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:160
+msgid "Collecting data..."
+msgstr "正在收集数据"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:224
+msgid "Comment"
+msgstr "注释"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:48
+msgid "Default Download Rate"
+msgstr "默认下载速率"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:53
+msgid "Default Download Unit"
+msgstr "默认下载速率单位"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:107
+msgid "Default Network Interface"
+msgstr "默认网络接口"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:60
+msgid "Default Upload Rate"
+msgstr "默认上传速率"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:65
+msgid "Default Upload Unit"
+msgstr "默认上传速率单位"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:53
+msgid "Default unit for download rate"
+msgstr "默认的下载速率单位"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:65
+msgid "Default unit for upload rate"
+msgstr "默认的上传速率单位"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:75
+msgid "Default value for download bandwidth"
+msgstr "下载带宽的默认值"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:48
+msgid "Default value for download rate"
+msgstr "下载速率的默认值"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:80
+msgid "Default value for upload bandwidth"
+msgstr "上传带宽的默认值"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:60
+msgid "Default value for upload rate"
+msgstr "上传速率的默认值"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:75
+msgid "Download Bandwidth (Mbps)"
+msgstr "下载带宽 (Mbps)"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:135
+msgid "Download Rate"
+msgstr "下载速率"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:38
+msgid "Enable Limit Rate Feature"
+msgstr "开启速率限制功能"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:103
+msgid "Enable Traffic Priority"
+msgstr "开启流量优先级"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:103
+msgid "Enable this feature"
+msgstr "开启这个功能"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:121
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:158
+msgid "Hostname"
+msgstr "主机名"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:134
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:153
+msgid "IP Address"
+msgstr "IP地址"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:126
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:163
+msgid "IP Address(V4 / V6)"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:128
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:165
+msgid "IP Address(V4 Only)"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:38
+msgid "Limit Enable"
+msgstr "限速开启"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:42
+msgid "Limit Type"
+msgstr "限速类型"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:135
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:172
+msgid "MAC (optional)"
+msgstr "物理地址(可选)"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:48
+msgid "MB"
+msgstr "MB"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:28
+msgid "NFT-QoS Settings"
+msgstr "NFT-QoS 设置"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:107
+msgid "Network Interface for Traffic Shaping, e.g. br-lan, eth0.1, eth0, etc"
+msgstr "流量整形的目标网络接口, 例如, br-lan, eth0.1, eth0, etc"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:85
+msgid "Network to be apply, e.g. 192.168.1.0/24, 10.2.0.0/16, etc"
+msgstr "将要应用规则的网络, 例如, 192.168.1.0/24, 10.2.0.0/16, 等等"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:91
+msgid "Network to be apply, e.g. AAAA::BBBB/64, CCCC::1/128, etc"
+msgstr "将要应用规则的网络, 例如, AAAA::BBBB/64, CCCC::1/128, 等等"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:65
+msgid "No information available"
+msgstr "没有更多的信息"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:137
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:156
+msgid "Packets Total"
+msgstr "数据包总数"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:207
+msgid "Priority"
+msgstr "优先级"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:199
+msgid "Protocol"
+msgstr "协议"
+
+#: applications/luci-app-nft-qos/luasrc/controller/nft-qos.lua:16
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:23
+msgid "Qos over Nftables"
+msgstr "QoS Nftables版"
+
+#: applications/luci-app-nft-qos/luasrc/controller/nft-qos.lua:12
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:139
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:176
+msgid "Rate"
+msgstr "速率"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:130
+msgid "Realtime Download Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:125
+msgid "Realtime Rate"
+msgstr "实时速率显示"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:149
+msgid "Realtime Upload Rate"
+msgstr ""
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:221
+msgid "Service"
+msgstr "服务/端口"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:116
+msgid "Static QoS-Download Rate"
+msgstr "静态QoS-下载速率"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:153
+msgid "Static QoS-Upload Rate"
+msgstr "静态QoS-上传速率"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:85
+msgid "Target Network (IPv4/MASK)"
+msgstr "目标网络(IPv4地址/掩码)"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:91
+msgid "Target Network6 (IPv6/MASK)"
+msgstr "目标网络v6(IPv6地址/掩码)"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:127
+msgid "This page gives an overview over currently download/upload rate."
+msgstr "该页面提供了当前上传和下载速率的一个总览"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:194
+msgid "Traffic Priority Settings"
+msgstr "流量优先级设置"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:42
+msgid "Type of Limit Rate"
+msgstr "限速的类型"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:144
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:181
+msgid "Unit"
+msgstr "单位"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:80
+msgid "Upload Bandwidth (Mbps)"
+msgstr "上传带宽 (Mbps)"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:154
+msgid "Upload Rate"
+msgstr "上传速率"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:96
+msgid "White List for Limit Rate"
+msgstr "限速白名单"
+
+#: applications/luci-app-nft-qos/luasrc/model/cbi/nft-qos/nft-qos.lua:221
+msgid "e.g. https, 23, (separator is comma)"
+msgstr "例如, https, 23 (用逗号分隔)"
+
+#: applications/luci-app-nft-qos/luasrc/view/nft-qos/rate.htm:44
+msgid "kB"
+msgstr "kB"
+
+#~ msgid "Dynamic Rate Limit"
+#~ msgstr "动态QoS"
+
+#~ msgid "Rate Limit"
+#~ msgstr "速率限制"
+
+#~ msgid "Traffic Priority"
+#~ msgstr "流量优先级"
diff --git a/package/lean/nft-qos/Makefile b/package/lean/nft-qos/Makefile
new file mode 100644
index 000000000..206745bfe
--- /dev/null
+++ b/package/lean/nft-qos/Makefile
@@ -0,0 +1,58 @@
+#
+# Copyright (C) 2018 rosysong@rosinson.com
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nft-qos
+PKG_VERSION:=1.0.0
+PKG_RELEASE:=1
+PKG_LICENSE:=GPL-2.0
+
+PKG_MAINTAINER:=Rosy Song <rosysong@rosinson.com>
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/nft-qos
+  SECTION:=utils
+  CATEGORY:=Base system
+  DEPENDS:=+nftables +kmod-nft-netdev +kmod-nft-bridge
+  TITLE:=QoS scripts over nftables
+endef
+
+define Package/nft-qos/description
+ This package provides implementation for qos over nftables.
+ Currently, static/dynamic qos and traffic shaping are supported.
+endef
+
+define Package/nft-qos/conffiles
+/etc/config/nft-qos
+endef
+
+define Build/Prepare
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/nft-qos/install
+	$(INSTALL_DIR) $(1)/lib/nft-qos
+	$(INSTALL_DATA) ./files/lib/* $(1)/lib/nft-qos/
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) ./files/nft-qos.config $(1)/etc/config/nft-qos
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/nft-qos.init $(1)/etc/init.d/nft-qos
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/dhcp
+	$(INSTALL_BIN) ./files/nft-qos-monitor.hotplug $(1)/etc/hotplug.d/dhcp/00-nft-qos-monitor
+	$(INSTALL_BIN) ./files/nft-qos-dynamic.hotplug $(1)/etc/hotplug.d/dhcp/01-nft-qos-dynamic
+endef
+
+$(eval $(call BuildPackage,nft-qos))
diff --git a/package/lean/nft-qos/files/lib/core.sh b/package/lean/nft-qos/files/lib/core.sh
new file mode 100644
index 000000000..d3c9d641f
--- /dev/null
+++ b/package/lean/nft-qos/files/lib/core.sh
@@ -0,0 +1,93 @@
+#!/bin/sh
+#
+# Copyright (C) 2018 rosysong@rosinson.com
+#
+
+# for uci_validate_section()
+. /lib/functions/procd.sh
+
+NFT_QOS_HAS_BRIDGE=
+NFT_QOS_INET_FAMILY=ip
+NFT_QOS_SCRIPT_TEXT=
+NFT_QOS_SCRIPT_FILE=/tmp/qos.nft
+
+qosdef_appendx() { # <string to be appended>
+	NFT_QOS_SCRIPT_TEXT="$NFT_QOS_SCRIPT_TEXT""$1"
+}
+
+qosdef_append_chain_def() { # <type> <hook> <priority> <policy>
+	qosdef_appendx "\t\ttype $1 hook $2 priority $3; policy $4;\n"
+}
+
+qosdef_append_chain_ingress() { # <type> <device> <priority> <policy>
+	qosdef_appendx "\t\ttype $1 hook ingress device $2 priority $3; policy $4;\n"
+}
+
+# qosdef_append_rule_{MATCH}_{STATEMENT}
+qosdef_append_rule_ip_limit() { # <ipaddr> <operator> <unit> <rate>
+	local ipaddr=$1
+	local operator=$2
+	local unit=$3
+	local rate=$4
+
+	qosdef_appendx \
+	    "\t\tip $operator $ipaddr limit rate over $rate $unit/second drop\n"
+}
+
+# qosdef_append_rule_{MATCH}_{POLICY}
+qosdef_append_rule_ip_policy() { # <operator> <ipaddr> <policy>
+	qosdef_appendx "\t\tip $1 $2 $3\n"
+}
+
+_handle_limit_whitelist() { # <value> <chain>
+	local ipaddr=$1
+	local operator
+
+	[ -z "$ipaddr" ] && return
+
+	case "$2" in
+		download) operator="daddr";;
+		upload) operator="saddr";;
+	esac
+
+	qosdef_append_rule_ip_policy $operator $ipaddr accept
+}
+
+qosdef_append_rule_limit_whitelist() { # <chain>
+	config_list_foreach default limit_whitelist _handle_limit_whitelist $1
+}
+
+qosdef_flush_table() { # <family> <table>
+	nft flush table $1 $2 2>/dev/null
+}
+
+qosdef_remove_table() { # <family> <table>
+	nft delete table $1 $2 2>/dev/null
+}
+
+qosdef_init_header() { # add header for nft script
+	qosdef_appendx "#!/usr/sbin/nft -f\n"
+	qosdef_appendx "# Copyright (C) 2018 rosysong@rosinson.com\n"
+	qosdef_appendx "#\n\n"
+}
+
+qosdef_init_env() {
+	# check interface type of lan
+	local lt="$(uci_get "network.lan.type")"
+	[ "$lt" = "bridge" ] && export NFT_QOS_HAS_BRIDGE="y"
+
+	# check if ipv6 support
+	[ -e /proc/sys/net/ipv6 ] && export NFT_QOS_INET_FAMILY="inet"
+}
+
+qosdef_clean_cache() {
+	rm -f $NFT_QOS_SCRIPT_FILE
+}
+
+qosdef_init_done() {
+	echo -e $NFT_QOS_SCRIPT_TEXT > $NFT_QOS_SCRIPT_FILE 2>/dev/null
+}
+
+qosdef_start() {
+	nft -f $NFT_QOS_SCRIPT_FILE 2>/dev/null
+}
diff --git a/package/lean/nft-qos/files/lib/dynamic.sh b/package/lean/nft-qos/files/lib/dynamic.sh
new file mode 100644
index 000000000..960ca5282
--- /dev/null
+++ b/package/lean/nft-qos/files/lib/dynamic.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+#
+# Copyright (C) 2018 rosysong@rosinson.com
+#
+
+. /lib/nft-qos/core.sh
+
+# return average rate for dhcp leases
+qosdef_dynamic_rate() { # <bandwidth>
+	local c=0 c6=0
+
+	[ ! -e /tmp/dhcp.leases -a \
+	  ! -e /var/dhcp6.leases ] && return
+
+	[ -e /tmp/dhcp.leases ] && \
+	  c=$(wc -l < /tmp/dhcp.leases 2>/dev/null)
+	[ -e /var/dhcp6.leases ] && \
+	  c6=$(wc -l < /var/dhcp6.leases 2>/dev/null)
+	[ $c -eq 0 -a $c6 -eq 0 ] && \
+	  { echo 12500; return; }
+
+	echo $(($1 / ($c + $c6)))
+}
+
+qosdef_append_chain_dym() { # <hook> <name> <bandwidth>
+	local cidr cidr6
+	local operator rate
+	local hook=$1 name=$2 bandwidth=$3
+
+	config_get cidr default 'dynamic_cidr'
+	config_get cidr6 default 'dynamic_cidr6'
+
+	[ -z "$cidr" -a -z "$cidr6" ] && return
+
+	case "$2" in
+		download) operator=daddr;;
+		upload) operator=saddr;;
+	esac
+
+	rate=$(qosdef_dynamic_rate $bandwidth)
+
+	qosdef_appendx "\tchain $name {\n"
+	qosdef_append_chain_def filter $hook 0 accept
+	qosdef_append_rule_limit_whitelist $name
+	[ -n "$cidr" ] && \
+		qosdef_append_rule_ip_limit $cidr $operator kbytes $rate
+	[ -n "$cidr6" ] && \
+		qosdef_append_rule_ip_limit $cidr6 $operator kbytes $rate
+	qosdef_appendx "\t}\n"
+}
+
+qosdef_flush_dynamic() {
+	qosdef_flush_table "$NFT_QOS_INET_FAMILY" nft-qos-dynamic
+}
+
+# init dynamic qos
+qosdef_init_dynamic() {
+	local dynamic_bw_up dynamic_bw_down limit_enable limit_type
+	local hook_ul="input" hook_dl="postrouting"
+
+	uci_validate_section nft-qos default default \
+		'limit_enable:bool:0' \
+		'limit_type:maxlength(8)' \
+		'dynamic_bw_up:uinteger:100' \
+		'dynamic_bw_down:uinteger:100'
+
+	[ $? -ne 0 ] && {
+		logger -t nft-qos-dynamic "validation failed"
+		return 1
+	}
+
+	[ $limit_enable -eq 0 -o \
+		"$limit_type" = "static" ] && return 1
+
+	# Transfer mbits/s to mbytes/s
+	# e.g. 100,000 kbits == 12,500 kbytes
+	dynamic_bw_up=$(($dynamic_bw_up * 1000 / 8))
+	dynamic_bw_down=$(($dynamic_bw_down * 1000 / 8))
+
+	[ -z "$NFT_QOS_HAS_BRIDGE" ] && {
+		hook_ul="postrouting"
+		hook_dl="input"
+	}
+
+	qosdef_appendx "table $NFT_QOS_INET_FAMILY nft-qos-dynamic {\n"
+	qosdef_append_chain_dym $hook_ul upload $dynamic_bw_up
+	qosdef_append_chain_dym $hook_dl download $dynamic_bw_down
+	qosdef_appendx "}\n"
+}
diff --git a/package/lean/nft-qos/files/lib/monitor.sh b/package/lean/nft-qos/files/lib/monitor.sh
new file mode 100644
index 000000000..d05943ae2
--- /dev/null
+++ b/package/lean/nft-qos/files/lib/monitor.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# Copyright (C) 2018 rosysong@rosinson.com
+#
+
+. /lib/nft-qos/core.sh
+
+qosdef_monitor_get_ip_handle() { # <family> <chain> <ip>
+	echo $(nft list chain $1 nft-qos-monitor $2 -a 2>/dev/null | grep $3 | awk '{print $11}')
+}
+
+qosdef_monitor_add() { # <mac> <ip> <hostname>
+	handle_dl=$(qosdef_monitor_get_ip_handle $NFT_QOS_INET_FAMILY download $2)
+	[ -z "$handle_dl" ] && nft add rule $NFT_QOS_INET_FAMILY nft-qos-monitor download ip daddr $2 counter
+	handle_ul=$(qosdef_monitor_get_ip_handle $NFT_QOS_INET_FAMILY upload $2)
+	[ -z "$handle_ul" ] && nft add rule $NFT_QOS_INET_FAMILY nft-qos-monitor upload ip saddr $2 counter
+}
+
+qosdef_monitor_del() { # <mac> <ip> <hostname>
+	local handle_dl handle_ul
+	handle_dl=$(qosdef_monitor_get_ip_handle $NFT_QOS_INET_FAMILY download $2)
+	handle_ul=$(qosdef_monitor_get_ip_handle $NFT_QOS_INET_FAMILY upload $2)
+	[ -n "$handle_dl" ] && nft delete handle $handle_dl
+	[ -n "$handle_ul" ] && nft delete handle $handle_ul
+}
+
+# init qos monitor
+qosdef_init_monitor() {
+	local hook_ul="input" hook_dl="postrouting"
+
+	[ -z "$NFT_QOS_HAS_BRIDGE" ] && {
+		hook_ul="postrouting"
+		hook_dl="input"
+	}
+
+	nft add table $NFT_QOS_INET_FAMILY nft-qos-monitor
+	nft add chain $NFT_QOS_INET_FAMILY nft-qos-monitor upload { type filter hook $hook_ul priority 0\; }
+	nft add chain $NFT_QOS_INET_FAMILY nft-qos-monitor download { type filter hook $hook_dl priority 0\; }
+}
diff --git a/package/lean/nft-qos/files/lib/priority.sh b/package/lean/nft-qos/files/lib/priority.sh
new file mode 100644
index 000000000..59288b85c
--- /dev/null
+++ b/package/lean/nft-qos/files/lib/priority.sh
@@ -0,0 +1,90 @@
+#!/bin/sh
+#
+# Copyright (C) 2018 rosysong@rosinson.com
+#
+
+. /lib/functions/network.sh
+. /lib/nft-qos/core.sh
+
+P1=""; P2=""; P3=""; P4=""; P5=""; P6="";
+P7=""; P8=""; P9=""; P10=""; P11="";
+
+_qosdef_handle_protox() { # <priority> <rule>
+	case "$1" in
+		-400) P1="$P1""$2";;
+		-300) P2="$P2""$2";;
+		-225) P3="$P3""$2";;
+		-200) P4="$P4""$2";;
+		-150) P5="$P5""$2";;
+		-100) P6="$P6""$2";;
+		0) P7="$P7""$2";;
+		50) P8="$P8""$2";;
+		100) P9="$P9""$2";;
+		225) P10="$P10""$2";;
+		300) P11="$P11""$2";;
+	esac
+}
+
+qosdef_handle_protox() { # <section>
+	local proto prio srv
+
+	config_get proto $1 'protocol'
+	config_get prio $1 'priority'
+	config_get srv $1 'service'
+
+	[ -z "$proto" -o \
+		-z "$prio" -o \
+		-z "$srv" ] && return
+
+	_qosdef_handle_protox $prio \
+	    "\t\t$proto dport { $srv } accept\n"
+}
+
+qosdef_append_rule_protox() { # <section>
+	config_foreach qosdef_handle_protox $1
+	qosdef_appendx \
+		"${P1}${P2}${P3}${P4}${P5}${P6}${P7}${P8}${P9}${P10}${P11}"
+}
+
+qosdef_append_chain_priority() { # <name> <section> <device>
+	local name=$1 device=$3
+
+	qosdef_appendx "\tchain $name {\n"
+	qosdef_append_chain_ingress filter $device 0 accept
+	qosdef_append_rule_protox $2
+	qosdef_appendx "\t}\n"
+}
+
+qosdef_remove_priority() {
+	qosdef_remove_table netdev nft-qos-priority
+}
+
+# init traffic priority
+qosdef_init_priority() {
+	local priority_enable priority_netdev ifname="br-lan"
+
+	uci_validate_section nft-qos default default \
+		'priority_enable:bool:0' \
+		'priority_netdev:maxlength(8)'
+
+	[ $? -ne 0 ] && {
+		logger -t nft-qos-priority "validation failed"
+		return 1
+	}
+
+	[ $priority_enable -eq 0 ] && return 1
+
+	case "$priority_netdev" in
+		lan) [ "$(uci_get network.lan.type)" != "bridge" ] && {
+				network_get_device ifname "$priority_netdev" || \
+				ifname="$(uci_get network.lan.ifname)"
+			}
+		;;
+		wan*) network_get_device ifname "$priority_netdev" || \
+			ifname="$(uci_get network.$priority_netdev.ifname)"
+	esac
+
+	qosdef_appendx "table netdev nft-qos-priority {\n"
+	qosdef_append_chain_priority filter priority $ifname
+	qosdef_appendx "}\n"
+}
diff --git a/package/lean/nft-qos/files/lib/static.sh b/package/lean/nft-qos/files/lib/static.sh
new file mode 100644
index 000000000..cb56b4925
--- /dev/null
+++ b/package/lean/nft-qos/files/lib/static.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# Copyright (C) 2018 rosysong@rosinson.com
+#
+
+. /lib/nft-qos/core.sh
+
+# append rule for static qos
+qosdef_append_rule_sta() { # <section> <operator> <default-unit> <default-rate>
+	local ipaddr unit rate
+	local operator=$2
+
+	config_get ipaddr $1 ipaddr
+	config_get unit $1 unit $3
+	config_get rate $1 rate $4
+
+	[ -z "$ipaddr" ] && return
+
+	qosdef_append_rule_ip_limit $ipaddr $operator $unit $rate
+}
+
+# append chain for static qos
+qosdef_append_chain_sta() { # <hook> <name> <section> <unit> <rate>
+	local hook=$1 name=$2
+	local config=$3 operator
+
+	case "$name" in
+		download) operator="daddr";;
+		upload) operator="saddr";;
+	esac
+
+	qosdef_appendx "\tchain $name {\n"
+	qosdef_append_chain_def filter $hook 0 accept
+	qosdef_append_rule_limit_whitelist $name
+	config_foreach qosdef_append_rule_sta $config $operator $4 $5
+	qosdef_appendx "\t}\n"
+}
+
+qosdef_flush_static() {
+	qosdef_flush_table "$NFT_QOS_INET_FAMILY" nft-qos-static
+}
+
+# static limit rate init
+qosdef_init_static() {
+	local unit_dl unit_ul rate_dl rate_ul
+	local limit_enable limit_type hook_ul="input" hook_dl="postrouting"
+
+	uci_validate_section nft-qos default default \
+		'limit_enable:bool:0' \
+		'limit_type:maxlength(8)' \
+		'static_unit_dl:string:kbytes' \
+		'static_unit_ul:string:kbytes' \
+		'static_rate_dl:uinteger:50' \
+		'static_rate_ul:uinteger:50'
+
+	[ $? -ne 0 ] && {
+		logger -t nft-qos-static "validation failed"
+		return 1
+	}
+
+	[ $limit_enable -eq 0 -o \
+		$limit_type = "dynamic" ] && return 1
+
+	[ -z "$NFT_QOS_HAS_BRIDGE" ] && {
+		hook_ul="postrouting"
+		hook_dl="input"
+	}
+
+	qosdef_appendx "table $NFT_QOS_INET_FAMILY nft-qos-static {\n"
+	qosdef_append_chain_sta $hook_ul upload upload $unit_ul $rate_ul
+	qosdef_append_chain_sta $hook_dl download download $unit_dl $rate_dl
+	qosdef_appendx "}\n"
+}
diff --git a/package/lean/nft-qos/files/nft-qos-dynamic.hotplug b/package/lean/nft-qos/files/nft-qos-dynamic.hotplug
new file mode 100644
index 000000000..fb38b7ea9
--- /dev/null
+++ b/package/lean/nft-qos/files/nft-qos-dynamic.hotplug
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# Copyright 2018 rosysong@rosinson.com
+#
+
+. /lib/functions.sh
+. /lib/nft-qos/core.sh
+. /lib/nft-qos/dynamic.sh
+
+NFT_QOS_DYNAMIC_ON=
+
+qosdef_validate_section_dynamic() {
+	local limit_enable limit_type
+
+	uci_validate_section nft-qos default default \
+		'limit_enable:bool:0' \
+		'limit_type:maxlength(8)'
+
+	[ $limit_enable -eq 1 -a \
+	  "$limit_type" = "dynamic" ] && \
+	    NFT_QOS_DYNAMIC_ON="y"
+}
+
+
+logger -t nft-qos-dynamic "ACTION=$ACTION, MACADDR=$MACADDR, IPADDR=$IPADDR, HOSTNAME=$HOSTNAME"
+
+case "$ACTION" in
+	add | update | remove)
+		qosdef_validate_section_dynamic
+		[ -z "$NFT_QOS_DYNAMIC_ON" ] && return
+
+		qosdef_init_env
+		qosdef_flush_dynamic
+
+		qosdef_init_header
+		qosdef_init_dynamic
+		qosdef_init_done
+		qosdef_start
+		;;
+esac
diff --git a/package/lean/nft-qos/files/nft-qos-monitor.hotplug b/package/lean/nft-qos/files/nft-qos-monitor.hotplug
new file mode 100644
index 000000000..df04fa6d0
--- /dev/null
+++ b/package/lean/nft-qos/files/nft-qos-monitor.hotplug
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# Copyright 2018 rosysong@rosinson.com
+#
+
+. /lib/nft-qos/monitor.sh
+
+logger -t nft-qos-monitor "ACTION=$ACTION, MACADDR=$MACADDR, IPADDR=$IPADDR, HOSTNAME=$HOSTNAME"
+
+case "$ACTION" in
+	add | update) qosdef_init_env && qosdef_monitor_add $MACADDR $IPADDR $HOSTNAME;;
+	remove) qosdef_init_env && qosdef_monitor_del $MACADDR $IPADDR $HOSTNAME;;
+esac
diff --git a/package/lean/nft-qos/files/nft-qos.config b/package/lean/nft-qos/files/nft-qos.config
new file mode 100644
index 000000000..d18949007
--- /dev/null
+++ b/package/lean/nft-qos/files/nft-qos.config
@@ -0,0 +1,106 @@
+#
+# Copyright (C) 2018 rosysong@rosinson.com
+#
+# This is the sample for nft-qos configuration file,
+# which will generate a nftables script in /tmp/qos.nft
+#
+
+# Getting Started
+# Official site      :
+#  https://netfilter.org/projects/nftables/index.html
+# What is nftables   :
+#  https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
+#
+
+# Basic Operations
+# Configuring Tables :
+#  https://wiki.nftables.org/wiki-nftables/index.php/Configuring_tables
+# Configuring Chains :
+#  https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains
+# Configuring Rules  :
+#  https://wiki.nftables.org/wiki-nftables/index.php/Simple_rule_management
+# Quick Reference (recommended)   :
+#  https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes
+#  https://netfilter.org/projects/nftables/manpage.html
+#
+
+config default default
+	# Enable Flag for limit rate
+	option limit_enable '1'
+
+	# Options for enable Static QoS (rate limit)
+	option limit_type 'static'
+	# Options for Static QoS (rate limit)
+	option static_unit_dl 'kbytes'
+	option static_unit_ul 'kbytes'
+	option static_rate_dl '50'
+	option static_rate_ul '50'
+
+	# Options for enable Dynamic QoS
+	# This option can not compatible with Static QoS
+	# option limit_type 'dynamic'
+
+	# For Dynamic QoS Samples (unit of bandwidth is Mbps):
+	option dynamic_cidr '192.168.1.0/24'
+	option dynamic_cidr6 'AAAA:BBBB::1/64'
+	option dynamic_bw_up '100'
+	option dynamic_bw_down '100'
+
+	# White list for static/dynamic limit
+	# list limit_whitelist '192.168.1.225'
+	# list limit_whitelist '192.168.1.0/24'
+	# list limit_whitelist 'ABCD:CDEF::1/64'
+
+	# Options for Traffic Priority
+	option priority_enable '0'
+	option priority_netdev 'lan'
+
+
+#
+# For Static QoS Rate Limit Samples :
+#
+# For Download :
+#config download
+#	option hostname 'My PC'
+#	option unit 'kbytes'
+#	option ipaddr '192.168.1.224'
+#	option rate '128'
+#
+# For Upload :
+#config upload
+#	option hostname 'office-pc'
+#	option unit 'mbytes'
+#	option ipaddr 'ABCD:FFED::1/64'
+#	option rate '1024'
+#
+#
+# Traffic Priority Samples :
+#
+# protocol : tcp, udp, udplite, sctp, dccp, tcp is default
+# priority : integer between 1-11, 1 is default
+# service : you can input a integer or service name, e.g. '22', '11-22', 'telnet', 'ssh, http, ftp', etc
+#
+#config priority
+#	option protocol 'tcp'
+#	option priority '-400'
+#	option service '23'
+#	option comment '?'
+#
+#config priority
+#	option protocol 'udp'
+#	option priority '-400'
+#	option service 'https'
+#	option comment '?'
+#
+#config priority
+#	option protocol 'dccp'
+#	option priority '0'
+#	option service '22-35'
+#	option comment '?'
+#
+#config priority
+#	option protocol 'dccp'
+#	option priority '300'
+#	option service 'ftp,ssh,http'
+#	option comment '?'
+#
diff --git a/package/lean/nft-qos/files/nft-qos.init b/package/lean/nft-qos/files/nft-qos.init
new file mode 100755
index 000000000..e48418c75
--- /dev/null
+++ b/package/lean/nft-qos/files/nft-qos.init
@@ -0,0 +1,41 @@
+#!/bin/sh /etc/rc.common
+#
+# Copyright (C) 2018 rosysong@rosinson.com
+#
+
+. /lib/nft-qos/core.sh
+. /lib/nft-qos/monitor.sh
+. /lib/nft-qos/dynamic.sh
+. /lib/nft-qos/static.sh
+. /lib/nft-qos/priority.sh
+
+START=99
+USE_PROCD=1
+
+service_triggers() {
+	procd_add_reload_trigger nft-qos
+}
+
+start_service() {
+	config_load nft-qos
+
+	qosdef_init_env
+	qosdef_flush_static
+	qosdef_flush_dynamic
+	qosdef_remove_priority
+
+	qosdef_init_header
+	qosdef_init_monitor
+	qosdef_init_dynamic
+	qosdef_init_static
+	qosdef_init_priority
+	qosdef_init_done
+	qosdef_start
+}
+
+stop_service() {
+	qosdef_flush_dynamic
+	qosdef_flush_static
+	qosdef_remove_priority
+	qosdef_clean_cache
+}
diff --git a/package/lean/shadowsocksR-libev-full/Makefile b/package/lean/shadowsocksR-libev-full/Makefile
deleted file mode 100644
index fcc0d621a..000000000
--- a/package/lean/shadowsocksR-libev-full/Makefile
+++ /dev/null
@@ -1,235 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=shadowsocksR-libev
-PKG_VERSION:=3.0.9
-PKG_RELEASE:=3
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE).tar.gz
-PKG_SOURCE_URL:=https://github.com/shadowsocksrr/shadowsocksr-libev
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=d4904568c0bd7e0861c0cbfeaa43740f404db214
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_MAINTAINER:=breakwa11
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
-
-PKG_INSTALL:=1
-PKG_FIXUP:=autoreconf
-PKG_USE_MIPS16:=0
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/shadowsocksr-libev/Default
-  SECTION:=net
-  CATEGORY:=Network
-  TITLE:=Lightweight Secured Socks5 Proxy
-  URL:=https://github.com/breakwa11/shadowsocks-libev
-endef
-
-define Package/shadowsocksr-libev
-  $(call Package/shadowsocksr-libev/Default)
-  TITLE+= (OpenSSL)
-  VARIANT:=openssl
-  DEPENDS:=+libopenssl +libpthread +libpcre +zlib
-endef
-
-define Package/shadowsocksr-libev-alt
-  $(call Package/shadowsocksr-libev/Default)
-  TITLE+= (OpenSSL)
-  VARIANT:=openssl
-  DEPENDS:=+libopenssl +libpthread +libpcre +zlib
-endef
-
-define Package/shadowsocksr-libev-mini
-  $(call Package/shadowsocksr-libev/Default)
-  TITLE+= (PolarSSL)
-  VARIANT:=polarssl
-  DEPENDS:=+libpolarssl +libpthread +libpcre
-endef
-
-define Package/shadowsocksr-libev-polarssl
-  $(call Package/shadowsocksr-libev/Default)
-  TITLE+= (PolarSSL)
-  VARIANT:=polarssl
-  DEPENDS:=+libpolarssl +libpthread +libpcre
-endef
-
-define Package/shadowsocksr-libev-gfwlist
-  $(call Package/shadowsocksr-libev/Default)
-  TITLE+= (OpenSSL)
-  VARIANT:=openssl
-  DEPENDS:=+libopenssl +libpthread +dnsmasq-full +ipset +iptables +wget +libpcre
-endef
-
-define Package/shadowsocksr-libev-gfwlist-polarssl
-  $(call Package/shadowsocksr-libev/Default)
-  TITLE+= (PolarSSL)
-  VARIANT:=polarssl
-  DEPENDS:=+libpolarssl +libpthread +dnsmasq-full +ipset +iptables +wget-nossl +libpcre
-endef
-
-define Package/shadowsocksr-libev-gfwlist-4M
-  $(call Package/shadowsocksr-libev/Default)
-  TITLE+= (PolarSSL)
-  VARIANT:=polarssl
-  DEPENDS:=+libpolarssl +libpthread +dnsmasq-full +ipset +iptables +libpcre
-endef
-
-
-define Package/shadowsocksr-libev/description
-ShadowsocksR-libev is a lightweight secured socks5 proxy for embedded devices and low end boxes.
-endef
-
-Package/shadowsocksr-libev-mini/description=$(Package/shadowsocksr-libev/description)
-Package/shadowsocksr-libev-alt/description=$(Package/shadowsocksr-libev/description)
-Package/shadowsocksr-libev-polarssl/description=$(Package/shadowsocksr-libev/description)
-Package/shadowsocksr-libev-gfwlist/description=$(Package/shadowsocksr-libev/description)
-Package/shadowsocksr-libev-gfwlist-polarssl/description=$(Package/shadowsocksr-libev/description)
-Package/shadowsocksr-libev-gfwlist-4M/description=$(Package/shadowsocksr-libev/description)
-
-
-define Package/shadowsocksr-libev/conffiles
-/etc/shadowsocksr.json
-endef
-
-Package/shadowsocksr-libev-alt/conffiles = $(Package/shadowsocksr-libev/conffiles)
-Package/shadowsocksr-libev-mini/conffiles = $(Package/shadowsocksr-libev/conffiles)
-Package/shadowsocksr-libev-polarssl/conffiles = $(Package/shadowsocksr-libev/conffiles)
-
-define Package/shadowsocksr-libev-gfwlist/conffiles
-/etc/shadowsocksr.json
-/etc/dnsmasq.d/custom_list.conf
-endef
-
-Package/shadowsocksr-libev-gfwlist-polarssl/conffiles = $(Package/shadowsocksr-libev-gfwlist/conffiles)
-Package/shadowsocksr-libev-gfwlist-4M/conffiles = $(Package/shadowsocksr-libev-gfwlist/conffiles)
-
-
-
-Package/shadowsocksr-libev-server-polarssl/conffiles = $(Package/shadowsocksr-libev-server/conffiles)
-
-define Package/shadowsocksr-libev-gfwlist/postinst
-#!/bin/sh
-if [ ! -f /etc/dnsmasq.d/custom_list.conf ]; then
-	echo "ipset -N gfwlist iphash" >> /etc/firewall.user
-	echo "iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080" >> /etc/firewall.user
-	echo "iptables -t nat -A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080" >> /etc/firewall.user
-	
-	echo "cache-size=5000" >> /etc/dnsmasq.conf
-	echo "min-cache-ttl=1800" >> /etc/dnsmasq.conf
-	echo "conf-dir=/etc/dnsmasq.d" >> /etc/dnsmasq.conf
-	
-	echo "*/10 * * * * /root/ssr-watchdog >> /var/log/shadowsocksr_watchdog.log 2>&1" >> /etc/crontabs/root
-	echo "0 1 * * 0 echo \"\" > /var/log/shadowsocksr_watchdog.log" >> /etc/crontabs/root
-fi
-
-if [ -z "$${IPKG_INSTROOT}" ]; then
-	ipset create gfwlist hash:ip
-	iptables -t nat -I PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080
-	iptables -t nat -I OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080
-
-	/etc/init.d/dnsmasq restart
-	/etc/init.d/cron restart
-	/etc/init.d/shadowsocksr restart
-fi
-exit 0
-endef
-
-define Package/shadowsocks-libev-gfwlist/postrm
-#!/bin/sh
-if [ -z "$${IPKG_INSTROOT}" ]; then
-	sed -i '/cache-size=5000/d' /etc/dnsmasq.conf
-	sed -i '/min-cache-ttl=1800/d' /etc/dnsmasq.conf
-	sed -i '/conf-dir=\/etc\/dnsmasq.d/d' /etc/dnsmasq.conf
-	rm -rf /etc/dnsmasq.d
-	/etc/init.d/dnsmasq restart
-
-	sed -i '/ipset create gfwlist hash:ip/d' /etc/firewall.user
-	sed -i '/iptables -t nat -I PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080/d' /etc/firewall.user
-	sed -i '/iptables -t nat -I OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080/d' /etc/firewall.user
-	ipset flush gfwlist
-
-	sed -i '/shadowsocksr_watchdog.log/d' /etc/crontabs/root
-	/etc/init.d/cron restart
-fi
-exit 0
-endef
-
-Package/shadowsocksr-libev-gfwlist-polarssl/postinst = $(Package/shadowsocksr-libev-gfwlist/postinst)
-Package/shadowsocksr-libev-gfwlist-polarssl/postrm = $(Package/shadowsocksr-libev-gfwlist/postrm)
-Package/shadowsocksr-libev-gfwlist-4M/postinst = $(Package/shadowsocksr-libev-gfwlist/postinst)
-Package/shadowsocksr-libev-gfwlist-4M/postrm = $(Package/shadowsocksr-libev-gfwlist/postrm)
-
-CONFIGURE_ARGS += --disable-ssp
-
-ifeq ($(BUILD_VARIANT),polarssl)
-	CONFIGURE_ARGS += --with-crypto-library=polarssl
-endif
-
-define Package/shadowsocksr-libev/install
-	#$(INSTALL_DIR) $(1)/etc/init.d
-	#$(INSTALL_BIN) ./files/shadowsocksr $(1)/etc/init.d/shadowsocksr
-	#$(INSTALL_CONF) ./files/shadowsocksr.json $(1)/etc/shadowsocksr.json
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-local $(1)/usr/bin/ssr-local
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-check $(1)/usr/bin/ssr-check
-	$(LN) ssr-local $(1)/usr/bin/ssr-tunnel
-endef
-
-define Package/shadowsocksr-libev-mini/install
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir
-endef
-
-define Package/shadowsocksr-libev-alt/install
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-local $(1)/usr/bin/ssr-local
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-check $(1)/usr/bin/ssr-check
-	$(LN) ssr-local $(1)/usr/bin/ssr-tunnel
-endef
-
-Package/shadowsocksr-libev-polarssl/install=$(Package/shadowsocksr-libev/install)
-
-define Package/shadowsocksr-libev-gfwlist/install
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir
-	$(LN) ssr-local $(1)/usr/bin/ssr-tunnel
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/shadowsocksr-gfwlist $(1)/etc/init.d/shadowsocksr
-	$(INSTALL_CONF) ./files/shadowsocksr-gfwlist.json $(1)/etc/shadowsocksr.json.main
-	$(INSTALL_CONF) ./files/shadowsocksr-gfwlist.json $(1)/etc/shadowsocksr.json.backup
-	$(INSTALL_CONF) ./files/firewall.user $(1)/etc/firewall.user
-	$(INSTALL_CONF) ./files/dnsmasq.conf $(1)/etc/dnsmasq.conf
-	$(INSTALL_DIR) $(1)/etc/dnsmasq.d
-	$(INSTALL_CONF) ./files/gfw_list.conf $(1)/etc/dnsmasq.d/gfw_list.conf
-	$(INSTALL_CONF) ./files/custom_list.conf $(1)/etc/dnsmasq.d/custom_list.conf
-	$(INSTALL_DIR) $(1)/root
-	$(INSTALL_BIN) ./files/ssr-watchdog $(1)/root/ssr-watchdog
-	$(INSTALL_DIR) $(1)/etc/crontabs
-	$(INSTALL_CONF) ./files/root $(1)/etc/crontabs/root
-	$(INSTALL_DIR) $(1)/usr/lib/lua/luci/controller
-	$(INSTALL_CONF) ./files/shadowsocksr-libev.lua $(1)/usr/lib/lua/luci/controller/shadowsocksr-libev.lua
-	$(INSTALL_DIR) $(1)/usr/lib/lua/luci/model/cbi/shadowsocksr-libev
-	$(INSTALL_CONF) ./files/shadowsocksr-libev-general.lua $(1)/usr/lib/lua/luci/model/cbi/shadowsocksr-libev/shadowsocksr-libev-general.lua
-	$(INSTALL_CONF) ./files/shadowsocksr-libev-backup.lua $(1)/usr/lib/lua/luci/model/cbi/shadowsocksr-libev/shadowsocksr-libev-backup.lua
-	$(INSTALL_CONF) ./files/shadowsocksr-libev-custom.lua $(1)/usr/lib/lua/luci/model/cbi/shadowsocksr-libev/shadowsocksr-libev-custom.lua
-	$(INSTALL_DIR) $(1)/usr/lib/lua/luci/view/shadowsocksr-libev
-	$(INSTALL_CONF) ./files/gfwlistr.htm $(1)/usr/lib/lua/luci/view/shadowsocksr-libev/gfwlistr.htm
-	$(INSTALL_CONF) ./files/watchdogr.htm $(1)/usr/lib/lua/luci/view/shadowsocksr-libev/watchdogr.htm
-endef
-
-Package/shadowsocksr-libev-gfwlist-polarssl/install = $(Package/shadowsocksr-libev-gfwlist/install)
-Package/shadowsocksr-libev-gfwlist-4M/install = $(Package/shadowsocksr-libev-gfwlist/install)
-
-
-$(eval $(call BuildPackage,shadowsocksr-libev))
-$(eval $(call BuildPackage,shadowsocksr-libev-mini))
-$(eval $(call BuildPackage,shadowsocksr-libev-alt))
-$(eval $(call BuildPackage,shadowsocksr-libev-polarssl))
-$(eval $(call BuildPackage,shadowsocksr-libev-gfwlist))
-$(eval $(call BuildPackage,shadowsocksr-libev-gfwlist-polarssl))
-$(eval $(call BuildPackage,shadowsocksr-libev-gfwlist-4M))
-
diff --git a/package/lean/shadowsocksR-libev-full/files/custom_list.conf b/package/lean/shadowsocksR-libev-full/files/custom_list.conf
deleted file mode 100644
index 006595f72..000000000
--- a/package/lean/shadowsocksR-libev-full/files/custom_list.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-#server=/.baidu.com/127.0.0.1#5353
-#ipset=/.baidu.com/gfwlist
diff --git a/package/lean/shadowsocksR-libev-full/files/dnsmasq.conf b/package/lean/shadowsocksR-libev-full/files/dnsmasq.conf
deleted file mode 100644
index cd0660a7b..000000000
--- a/package/lean/shadowsocksR-libev-full/files/dnsmasq.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-# Change the following lines if you want dnsmasq to serve SRV
-# records.
-# You may add multiple srv-host lines.
-# The fields are <name>,<target>,<port>,<priority>,<weight>
-
-# A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 289
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
-
-# Two SRV records for LDAP, each with different priorities
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
-
-# A SRV record indicating that there is no LDAP server for the domain
-# example.com
-#srv-host=_ldap._tcp.example.com
-
-# The following line shows how to make dnsmasq serve an arbitrary PTR
-# record. This is useful for DNS-SD.
-# The fields are <name>,<target>
-#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
-
-# Change the following lines to enable dnsmasq to serve TXT records.
-# These are used for things like SPF and zeroconf.
-# The fields are <name>,<text>,<text>...
-
-#Example SPF.
-#txt-record=example.com,"v=spf1 a -all"
-
-#Example zeroconf
-#txt-record=_http._tcp.example.com,name=value,paper=A4
-
-# Provide an alias for a "local" DNS name. Note that this _only_ works
-# for targets which are names from DHCP or /etc/hosts. Give host
-# "bert" another name, bertrand
-# The fields are <cname>,<target>
-#cname=bertand,bert
-
-cache-size=1000
-min-cache-ttl=1800
-conf-dir=/etc/dnsmasq.d
diff --git a/package/lean/shadowsocksR-libev-full/files/firewall.user b/package/lean/shadowsocksR-libev-full/files/firewall.user
deleted file mode 100644
index cf5b87454..000000000
--- a/package/lean/shadowsocksR-libev-full/files/firewall.user
+++ /dev/null
@@ -1,11 +0,0 @@
-# This file is interpreted as shell script.
-# Put your custom iptables rules here, they will
-# be executed with each firewall (re-)start.
-
-# Internal uci firewall chains are flushed and recreated on reload, so
-# put custom rules into the root chains e.g. INPUT or FORWARD or into the
-# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
-
-ipset create gfwlist hash:ip
-iptables -t nat -I PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 8989
-iptables -t nat -I OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 8989
diff --git a/package/lean/shadowsocksR-libev-full/files/gfw_list.conf b/package/lean/shadowsocksR-libev-full/files/gfw_list.conf
deleted file mode 100644
index 56880fe6c..000000000
--- a/package/lean/shadowsocksR-libev-full/files/gfw_list.conf
+++ /dev/null
@@ -1,6988 +0,0 @@
-server=/.0to255.com/127.0.0.1#5353
-ipset=/.0to255.com/gfwlist
-server=/.1000giri.net/127.0.0.1#5353
-ipset=/.1000giri.net/gfwlist
-server=/.100ke.org/127.0.0.1#5353
-ipset=/.100ke.org/gfwlist
-server=/.10conditionsoflove.com/127.0.0.1#5353
-ipset=/.10conditionsoflove.com/gfwlist
-server=/.10musume.com/127.0.0.1#5353
-ipset=/.10musume.com/gfwlist
-server=/.123rf.com/127.0.0.1#5353
-ipset=/.123rf.com/gfwlist
-server=/.12bet.com/127.0.0.1#5353
-ipset=/.12bet.com/gfwlist
-server=/.12vpn.com/127.0.0.1#5353
-ipset=/.12vpn.com/gfwlist
-server=/.12vpn.net/127.0.0.1#5353
-ipset=/.12vpn.net/gfwlist
-server=/.141hongkong.com/127.0.0.1#5353
-ipset=/.141hongkong.com/gfwlist
-server=/.141tube.com/127.0.0.1#5353
-ipset=/.141tube.com/gfwlist
-server=/.1688.com.au/127.0.0.1#5353
-ipset=/.1688.com.au/gfwlist
-server=/.173ng.com/127.0.0.1#5353
-ipset=/.173ng.com/gfwlist
-server=/.17t17p.com/127.0.0.1#5353
-ipset=/.17t17p.com/gfwlist
-server=/.18onlygirls.com/127.0.0.1#5353
-ipset=/.18onlygirls.com/gfwlist
-server=/.1949er.org/127.0.0.1#5353
-ipset=/.1949er.org/gfwlist
-server=/.1984bbs.com/127.0.0.1#5353
-ipset=/.1984bbs.com/gfwlist
-server=/.1984bbs.org/127.0.0.1#5353
-ipset=/.1984bbs.org/gfwlist
-server=/.1998cdp.org/127.0.0.1#5353
-ipset=/.1998cdp.org/gfwlist
-server=/.1bao.org/127.0.0.1#5353
-ipset=/.1bao.org/gfwlist
-server=/.1e100.net/127.0.0.1#5353
-ipset=/.1e100.net/gfwlist
-server=/.1eew.com/127.0.0.1#5353
-ipset=/.1eew.com/gfwlist
-server=/.1pondo.tv/127.0.0.1#5353
-ipset=/.1pondo.tv/gfwlist
-server=/.2000fun.com/127.0.0.1#5353
-ipset=/.2000fun.com/gfwlist
-server=/.2008xianzhang.info/127.0.0.1#5353
-ipset=/.2008xianzhang.info/gfwlist
-server=/.2017.hk/127.0.0.1#5353
-ipset=/.2017.hk/gfwlist
-server=/.21andy.com/127.0.0.1#5353
-ipset=/.21andy.com/gfwlist
-server=/.21pron.com/127.0.0.1#5353
-ipset=/.21pron.com/gfwlist
-server=/.24smile.org/127.0.0.1#5353
-ipset=/.24smile.org/gfwlist
-server=/.2-hand.info/127.0.0.1#5353
-ipset=/.2-hand.info/gfwlist
-server=/.2lipstube.com/127.0.0.1#5353
-ipset=/.2lipstube.com/gfwlist
-server=/.2shared.com/127.0.0.1#5353
-ipset=/.2shared.com/gfwlist
-server=/.315lz.com/127.0.0.1#5353
-ipset=/.315lz.com/gfwlist
-server=/.32red.com/127.0.0.1#5353
-ipset=/.32red.com/gfwlist
-server=/.36rain.com/127.0.0.1#5353
-ipset=/.36rain.com/gfwlist
-server=/.3a5a.com/127.0.0.1#5353
-ipset=/.3a5a.com/gfwlist
-server=/.3boys2girls.com/127.0.0.1#5353
-ipset=/.3boys2girls.com/gfwlist
-server=/.3ren.ca/127.0.0.1#5353
-ipset=/.3ren.ca/gfwlist
-server=/.3tui.net/127.0.0.1#5353
-ipset=/.3tui.net/gfwlist
-server=/.4bluestones.biz/127.0.0.1#5353
-ipset=/.4bluestones.biz/gfwlist
-server=/.4chan.org/127.0.0.1#5353
-ipset=/.4chan.org/gfwlist
-server=/.4irc.com/127.0.0.1#5353
-ipset=/.4irc.com/gfwlist
-server=/.4shared.com/127.0.0.1#5353
-ipset=/.4shared.com/gfwlist
-server=/.4sq.com/127.0.0.1#5353
-ipset=/.4sq.com/gfwlist
-server=/.51.ca/127.0.0.1#5353
-ipset=/.51.ca/gfwlist
-server=/.51luoben.com/127.0.0.1#5353
-ipset=/.51luoben.com/gfwlist
-server=/.56cun04.jigsy.com/127.0.0.1#5353
-ipset=/.56cun04.jigsy.com/gfwlist
-server=/.5i01.com/127.0.0.1#5353
-ipset=/.5i01.com/gfwlist
-server=/.5isotoi5.org/127.0.0.1#5353
-ipset=/.5isotoi5.org/gfwlist
-server=/.5maodang.com/127.0.0.1#5353
-ipset=/.5maodang.com/gfwlist
-server=/.64museum.org/127.0.0.1#5353
-ipset=/.64museum.org/gfwlist
-server=/.64tianwang.com/127.0.0.1#5353
-ipset=/.64tianwang.com/gfwlist
-server=/.64wiki.com/127.0.0.1#5353
-ipset=/.64wiki.com/gfwlist
-server=/.66.ca/127.0.0.1#5353
-ipset=/.66.ca/gfwlist
-server=/.666kb.com/127.0.0.1#5353
-ipset=/.666kb.com/gfwlist
-server=/.6park.com/127.0.0.1#5353
-ipset=/.6park.com/gfwlist
-server=/.7capture.com/127.0.0.1#5353
-ipset=/.7capture.com/gfwlist
-server=/.85.17.73.31/127.0.0.1#5353
-ipset=/.85.17.73.31/gfwlist
-server=/.85st.com/127.0.0.1#5353
-ipset=/.85st.com/gfwlist
-server=/.881903.com/127.0.0.1#5353
-ipset=/.881903.com/gfwlist
-server=/.888.com/127.0.0.1#5353
-ipset=/.888.com/gfwlist
-server=/.89-64.org/127.0.0.1#5353
-ipset=/.89-64.org/gfwlist
-server=/.8-d.com/127.0.0.1#5353
-ipset=/.8-d.com/gfwlist
-server=/.8z1.net/127.0.0.1#5353
-ipset=/.8z1.net/gfwlist
-server=/.9001700.com/127.0.0.1#5353
-ipset=/.9001700.com/gfwlist
-server=/.908taiwan.org/127.0.0.1#5353
-ipset=/.908taiwan.org/gfwlist
-server=/.91porn.com/127.0.0.1#5353
-ipset=/.91porn.com/gfwlist
-server=/.92ccav.com/127.0.0.1#5353
-ipset=/.92ccav.com/gfwlist
-server=/.99btgc01.com/127.0.0.1#5353
-ipset=/.99btgc01.com/gfwlist
-server=/.99cn.info/127.0.0.1#5353
-ipset=/.99cn.info/gfwlist
-server=/.9bis.com/127.0.0.1#5353
-ipset=/.9bis.com/gfwlist
-server=/.9bis.net/127.0.0.1#5353
-ipset=/.9bis.net/gfwlist
-server=/.a248.e.akamai.net/127.0.0.1#5353
-ipset=/.a248.e.akamai.net/gfwlist
-server=/.a5.com.ru/127.0.0.1#5353
-ipset=/.a5.com.ru/gfwlist
-server=/.aamacau.com/127.0.0.1#5353
-ipset=/.aamacau.com/gfwlist
-server=/.abc.com/127.0.0.1#5353
-ipset=/.abc.com/gfwlist
-server=/.abc.pp.ru/127.0.0.1#5353
-ipset=/.abc.pp.ru/gfwlist
-server=/.abc.xyz/127.0.0.1#5353
-ipset=/.abc.xyz/gfwlist
-server=/.abchinese.com/127.0.0.1#5353
-ipset=/.abchinese.com/gfwlist
-server=/.abitno.linpie.com/127.0.0.1#5353
-ipset=/.abitno.linpie.com/gfwlist
-server=/.ablwang.com/127.0.0.1#5353
-ipset=/.ablwang.com/gfwlist
-server=/.aboluowang.com/127.0.0.1#5353
-ipset=/.aboluowang.com/gfwlist
-server=/.aboutgfw.com/127.0.0.1#5353
-ipset=/.aboutgfw.com/gfwlist
-server=/.abs.edu/127.0.0.1#5353
-ipset=/.abs.edu/gfwlist
-server=/.ac.jiruan.net/127.0.0.1#5353
-ipset=/.ac.jiruan.net/gfwlist
-server=/.acevpn.com/127.0.0.1#5353
-ipset=/.acevpn.com/gfwlist
-server=/.acgkj.com/127.0.0.1#5353
-ipset=/.acgkj.com/gfwlist
-server=/.actimes.com.au/127.0.0.1#5353
-ipset=/.actimes.com.au/gfwlist
-server=/.activpn.com/127.0.0.1#5353
-ipset=/.activpn.com/gfwlist
-server=/.aculo.us/127.0.0.1#5353
-ipset=/.aculo.us/gfwlist
-server=/.addictedtocoffee.de/127.0.0.1#5353
-ipset=/.addictedtocoffee.de/gfwlist
-server=/.admob.com/127.0.0.1#5353
-ipset=/.admob.com/gfwlist
-server=/.adpl.org.hk/127.0.0.1#5353
-ipset=/.adpl.org.hk/gfwlist
-server=/.adult.friendfinder.com/127.0.0.1#5353
-ipset=/.adult.friendfinder.com/gfwlist
-server=/.adultfriendfinder.com/127.0.0.1#5353
-ipset=/.adultfriendfinder.com/gfwlist
-server=/.adultkeep.net/127.0.0.1#5353
-ipset=/.adultkeep.net/gfwlist
-server=/.adult-sex-games.com/127.0.0.1#5353
-ipset=/.adult-sex-games.com/gfwlist
-server=/.advanscene.com/127.0.0.1#5353
-ipset=/.advanscene.com/gfwlist
-server=/.advertfan.com/127.0.0.1#5353
-ipset=/.advertfan.com/gfwlist
-server=/.ae.hao123.com/127.0.0.1#5353
-ipset=/.ae.hao123.com/gfwlist
-server=/.aenhancers.com/127.0.0.1#5353
-ipset=/.aenhancers.com/gfwlist
-server=/.af.mil/127.0.0.1#5353
-ipset=/.af.mil/gfwlist
-server=/.afantibbs.com/127.0.0.1#5353
-ipset=/.afantibbs.com/gfwlist
-server=/.agnesb.fr/127.0.0.1#5353
-ipset=/.agnesb.fr/gfwlist
-server=/.agoogleaday.com/127.0.0.1#5353
-ipset=/.agoogleaday.com/gfwlist
-server=/.ai-kan.net/127.0.0.1#5353
-ipset=/.ai-kan.net/gfwlist
-server=/.aiph.net/127.0.0.1#5353
-ipset=/.aiph.net/gfwlist
-server=/.airvpn.org/127.0.0.1#5353
-ipset=/.airvpn.org/gfwlist
-server=/.aisex.com/127.0.0.1#5353
-ipset=/.aisex.com/gfwlist
-server=/.aiweiwei.com/127.0.0.1#5353
-ipset=/.aiweiwei.com/gfwlist
-server=/.aiweiweiblog.com/127.0.0.1#5353
-ipset=/.aiweiweiblog.com/gfwlist
-server=/.ai-wen.net/127.0.0.1#5353
-ipset=/.ai-wen.net/gfwlist
-server=/.akamaihd.net/127.0.0.1#5353
-ipset=/.akamaihd.net/gfwlist
-server=/.akiba-online.com/127.0.0.1#5353
-ipset=/.akiba-online.com/gfwlist
-server=/.akiba-web.com/127.0.0.1#5353
-ipset=/.akiba-web.com/gfwlist
-server=/.alabout.com/127.0.0.1#5353
-ipset=/.alabout.com/gfwlist
-server=/.alasbarricadas.org/127.0.0.1#5353
-ipset=/.alasbarricadas.org/gfwlist
-server=/.alexlur.org/127.0.0.1#5353
-ipset=/.alexlur.org/gfwlist
-server=/.alforattv.net/127.0.0.1#5353
-ipset=/.alforattv.net/gfwlist
-server=/.aliengu.com/127.0.0.1#5353
-ipset=/.aliengu.com/gfwlist
-server=/.alien-ufos.com/127.0.0.1#5353
-ipset=/.alien-ufos.com/gfwlist
-server=/.alkasir.com/127.0.0.1#5353
-ipset=/.alkasir.com/gfwlist
-server=/.allconnected.co/127.0.0.1#5353
-ipset=/.allconnected.co/gfwlist
-server=/.alldrawnsex.com/127.0.0.1#5353
-ipset=/.alldrawnsex.com/gfwlist
-server=/.allgirlsallowed.org/127.0.0.1#5353
-ipset=/.allgirlsallowed.org/gfwlist
-server=/.alliance.org.hk/127.0.0.1#5353
-ipset=/.alliance.org.hk/gfwlist
-server=/.allinfa.com/127.0.0.1#5353
-ipset=/.allinfa.com/gfwlist
-server=/.allmovie.com/127.0.0.1#5353
-ipset=/.allmovie.com/gfwlist
-server=/.allonlinux.free.fr/127.0.0.1#5353
-ipset=/.allonlinux.free.fr/gfwlist
-server=/.al-qimmah.net/127.0.0.1#5353
-ipset=/.al-qimmah.net/gfwlist
-server=/.alternate-tools.com/127.0.0.1#5353
-ipset=/.alternate-tools.com/gfwlist
-server=/.altrec.com/127.0.0.1#5353
-ipset=/.altrec.com/gfwlist
-server=/.alvinalexander.com/127.0.0.1#5353
-ipset=/.alvinalexander.com/gfwlist
-server=/.alwaysdata.com/127.0.0.1#5353
-ipset=/.alwaysdata.com/gfwlist
-server=/.alwaysdata.net/127.0.0.1#5353
-ipset=/.alwaysdata.net/gfwlist
-server=/.alwaysvpn.com/127.0.0.1#5353
-ipset=/.alwaysvpn.com/gfwlist
-server=/.am730.com.hk/127.0.0.1#5353
-ipset=/.am730.com.hk/gfwlist
-server=/.amazon.com/127.0.0.1#5353
-ipset=/.amazon.com/gfwlist
-server=/.ameblo.jp/127.0.0.1#5353
-ipset=/.ameblo.jp/gfwlist
-server=/.americangreencard.com/127.0.0.1#5353
-ipset=/.americangreencard.com/gfwlist
-server=/.amiblockedornot.com/127.0.0.1#5353
-ipset=/.amiblockedornot.com/gfwlist
-server=/.amnesty.org/127.0.0.1#5353
-ipset=/.amnesty.org/gfwlist
-server=/.amnestyusa.org/127.0.0.1#5353
-ipset=/.amnestyusa.org/gfwlist
-server=/.amnyemachen.org/127.0.0.1#5353
-ipset=/.amnyemachen.org/gfwlist
-server=/.amoiist.com/127.0.0.1#5353
-ipset=/.amoiist.com/gfwlist
-server=/.analyze-v.com/127.0.0.1#5353
-ipset=/.analyze-v.com/gfwlist
-server=/.anchorfree.com/127.0.0.1#5353
-ipset=/.anchorfree.com/gfwlist
-server=/.ancsconf.org/127.0.0.1#5353
-ipset=/.ancsconf.org/gfwlist
-server=/.andfaraway.net/127.0.0.1#5353
-ipset=/.andfaraway.net/gfwlist
-server=/.android.com/127.0.0.1#5353
-ipset=/.android.com/gfwlist
-server=/.androidify.com/127.0.0.1#5353
-ipset=/.androidify.com/gfwlist
-server=/.android-x86.org/127.0.0.1#5353
-ipset=/.android-x86.org/gfwlist
-server=/.angularjs.org/127.0.0.1#5353
-ipset=/.angularjs.org/gfwlist
-server=/.animecrazy.net/127.0.0.1#5353
-ipset=/.animecrazy.net/gfwlist
-server=/.aniscartujo.com/127.0.0.1#5353
-ipset=/.aniscartujo.com/gfwlist
-server=/.anobii.com/127.0.0.1#5353
-ipset=/.anobii.com/gfwlist
-server=/.anontext.com/127.0.0.1#5353
-ipset=/.anontext.com/gfwlist
-server=/.anonymitynetwork.com/127.0.0.1#5353
-ipset=/.anonymitynetwork.com/gfwlist
-server=/.anonymizer.com/127.0.0.1#5353
-ipset=/.anonymizer.com/gfwlist
-server=/.a-normal-day.com/127.0.0.1#5353
-ipset=/.a-normal-day.com/gfwlist
-server=/.answering-islam.org/127.0.0.1#5353
-ipset=/.answering-islam.org/gfwlist
-server=/.anthonycalzadilla.com/127.0.0.1#5353
-ipset=/.anthonycalzadilla.com/gfwlist
-server=/.antiwave.net/127.0.0.1#5353
-ipset=/.antiwave.net/gfwlist
-server=/.anysex.com/127.0.0.1#5353
-ipset=/.anysex.com/gfwlist
-server=/.aobo.com.au/127.0.0.1#5353
-ipset=/.aobo.com.au/gfwlist
-server=/.aolchannels.aol.com/127.0.0.1#5353
-ipset=/.aolchannels.aol.com/gfwlist
-server=/.aomiwang.com/127.0.0.1#5353
-ipset=/.aomiwang.com/gfwlist
-server=/.apetube.com/127.0.0.1#5353
-ipset=/.apetube.com/gfwlist
-server=/.api.linksalpha.com/127.0.0.1#5353
-ipset=/.api.linksalpha.com/gfwlist
-server=/.api.proxlet.com/127.0.0.1#5353
-ipset=/.api.proxlet.com/gfwlist
-server=/.api.supertweet.net/127.0.0.1#5353
-ipset=/.api.supertweet.net/gfwlist
-server=/.apiary.io/127.0.0.1#5353
-ipset=/.apiary.io/gfwlist
-server=/.apidocs.linksalpha.com/127.0.0.1#5353
-ipset=/.apidocs.linksalpha.com/gfwlist
-server=/.apigee.com/127.0.0.1#5353
-ipset=/.apigee.com/gfwlist
-server=/.app.box.com/127.0.0.1#5353
-ipset=/.app.box.com/gfwlist
-server=/.app.heywire.com/127.0.0.1#5353
-ipset=/.app.heywire.com/gfwlist
-server=/.appledaily.com/127.0.0.1#5353
-ipset=/.appledaily.com/gfwlist
-server=/.appspot.com/127.0.0.1#5353
-ipset=/.appspot.com/gfwlist
-server=/.ar.hao123.com/127.0.0.1#5353
-ipset=/.ar.hao123.com/gfwlist
-server=/.archive.is/127.0.0.1#5353
-ipset=/.archive.is/gfwlist
-server=/.archive.org/127.0.0.1#5353
-ipset=/.archive.org/gfwlist
-server=/.arctosia.com/127.0.0.1#5353
-ipset=/.arctosia.com/gfwlist
-server=/.areca-backup.org/127.0.0.1#5353
-ipset=/.areca-backup.org/gfwlist
-server=/.arethusa.su/127.0.0.1#5353
-ipset=/.arethusa.su/gfwlist
-server=/.arlingtoncemetery.mil/127.0.0.1#5353
-ipset=/.arlingtoncemetery.mil/gfwlist
-server=/.army.mil/127.0.0.1#5353
-ipset=/.army.mil/gfwlist
-server=/.artsy.net/127.0.0.1#5353
-ipset=/.artsy.net/gfwlist
-server=/.asahichinese.com/127.0.0.1#5353
-ipset=/.asahichinese.com/gfwlist
-server=/.asdfg.jp/127.0.0.1#5353
-ipset=/.asdfg.jp/gfwlist
-server=/.asg.to/127.0.0.1#5353
-ipset=/.asg.to/gfwlist
-server=/.asiaharvest.org/127.0.0.1#5353
-ipset=/.asiaharvest.org/gfwlist
-server=/.asianews.it/127.0.0.1#5353
-ipset=/.asianews.it/gfwlist
-server=/.asianspiss.com/127.0.0.1#5353
-ipset=/.asianspiss.com/gfwlist
-server=/.asianwomensfilm.de/127.0.0.1#5353
-ipset=/.asianwomensfilm.de/gfwlist
-server=/.asiatgp.com/127.0.0.1#5353
-ipset=/.asiatgp.com/gfwlist
-server=/.askstudent.com/127.0.0.1#5353
-ipset=/.askstudent.com/gfwlist
-server=/.askynz.net/127.0.0.1#5353
-ipset=/.askynz.net/gfwlist
-server=/.assembla.com/127.0.0.1#5353
-ipset=/.assembla.com/gfwlist
-server=/.astonmartinnews.com/127.0.0.1#5353
-ipset=/.astonmartinnews.com/gfwlist
-server=/.astrill.com/127.0.0.1#5353
-ipset=/.astrill.com/gfwlist
-server=/.atc.org.au/127.0.0.1#5353
-ipset=/.atc.org.au/gfwlist
-server=/.atchinese.com/127.0.0.1#5353
-ipset=/.atchinese.com/gfwlist
-server=/.atdmt.com/127.0.0.1#5353
-ipset=/.atdmt.com/gfwlist
-server=/.atgfw.org/127.0.0.1#5353
-ipset=/.atgfw.org/gfwlist
-server=/.athenaeizou.com/127.0.0.1#5353
-ipset=/.athenaeizou.com/gfwlist
-server=/.atlaspost.com/127.0.0.1#5353
-ipset=/.atlaspost.com/gfwlist
-server=/.atnext.com/127.0.0.1#5353
-ipset=/.atnext.com/gfwlist
-server=/.av.nightlife141.com/127.0.0.1#5353
-ipset=/.av.nightlife141.com/gfwlist
-server=/.avaaz.org/127.0.0.1#5353
-ipset=/.avaaz.org/gfwlist
-server=/.avcity.tv/127.0.0.1#5353
-ipset=/.avcity.tv/gfwlist
-server=/.avcool.com/127.0.0.1#5353
-ipset=/.avcool.com/gfwlist
-server=/.avdb.in/127.0.0.1#5353
-ipset=/.avdb.in/gfwlist
-server=/.avdb.tv/127.0.0.1#5353
-ipset=/.avdb.tv/gfwlist
-server=/.avfantasy.com/127.0.0.1#5353
-ipset=/.avfantasy.com/gfwlist
-server=/.avidemux.org/127.0.0.1#5353
-ipset=/.avidemux.org/gfwlist
-server=/.avoision.com/127.0.0.1#5353
-ipset=/.avoision.com/gfwlist
-server=/.avyahoo.com/127.0.0.1#5353
-ipset=/.avyahoo.com/gfwlist
-server=/.awardwinningfjords.com/127.0.0.1#5353
-ipset=/.awardwinningfjords.com/gfwlist
-server=/.axureformac.com/127.0.0.1#5353
-ipset=/.axureformac.com/gfwlist
-server=/.azerimix.com/127.0.0.1#5353
-ipset=/.azerimix.com/gfwlist
-server=/.azubu.tv/127.0.0.1#5353
-ipset=/.azubu.tv/gfwlist
-server=/.azurewebsites.net/127.0.0.1#5353
-ipset=/.azurewebsites.net/gfwlist
-server=/.babynet.com.hk/127.0.0.1#5353
-ipset=/.babynet.com.hk/gfwlist
-server=/.backchina.com/127.0.0.1#5353
-ipset=/.backchina.com/gfwlist
-server=/.backtotiananmen.com/127.0.0.1#5353
-ipset=/.backtotiananmen.com/gfwlist
-server=/.badoo.com/127.0.0.1#5353
-ipset=/.badoo.com/gfwlist
-server=/.baidu.jp/127.0.0.1#5353
-ipset=/.baidu.jp/gfwlist
-server=/.baixing.me/127.0.0.1#5353
-ipset=/.baixing.me/gfwlist
-server=/.banana-vpn.com/127.0.0.1#5353
-ipset=/.banana-vpn.com/gfwlist
-server=/.bangyoulater.com/127.0.0.1#5353
-ipset=/.bangyoulater.com/gfwlist
-server=/.bannedbook.org/127.0.0.1#5353
-ipset=/.bannedbook.org/gfwlist
-server=/.barenakedislam.com/127.0.0.1#5353
-ipset=/.barenakedislam.com/gfwlist
-server=/.barnabu.co.uk/127.0.0.1#5353
-ipset=/.barnabu.co.uk/gfwlist
-server=/.barracuda.com/127.0.0.1#5353
-ipset=/.barracuda.com/gfwlist
-server=/.bayvoice.net/127.0.0.1#5353
-ipset=/.bayvoice.net/gfwlist
-server=/.bbc.co/127.0.0.1#5353
-ipset=/.bbc.co/gfwlist
-server=/.bbc.com/127.0.0.1#5353
-ipset=/.bbc.com/gfwlist
-server=/.bbc.co.uk/127.0.0.1#5353
-ipset=/.bbc.co.uk/gfwlist
-server=/.bbc.in/127.0.0.1#5353
-ipset=/.bbc.in/gfwlist
-server=/.bbcchinese.com/127.0.0.1#5353
-ipset=/.bbcchinese.com/gfwlist
-server=/.bbg.gov/127.0.0.1#5353
-ipset=/.bbg.gov/gfwlist
-server=/.bbs.brockbbs.com/127.0.0.1#5353
-ipset=/.bbs.brockbbs.com/gfwlist
-server=/.bbs.cantonese.asia/127.0.0.1#5353
-ipset=/.bbs.cantonese.asia/gfwlist
-server=/.bbs.ecstart.com/127.0.0.1#5353
-ipset=/.bbs.ecstart.com/gfwlist
-server=/.bbs.hanminzu.org/127.0.0.1#5353
-ipset=/.bbs.hanminzu.org/gfwlist
-server=/.bbs.morbell.com/127.0.0.1#5353
-ipset=/.bbs.morbell.com/gfwlist
-server=/.bbs.mychat.to/127.0.0.1#5353
-ipset=/.bbs.mychat.to/gfwlist
-server=/.bbs.netbig.com/127.0.0.1#5353
-ipset=/.bbs.netbig.com/gfwlist
-server=/.bbs.ozchinese.com/127.0.0.1#5353
-ipset=/.bbs.ozchinese.com/gfwlist
-server=/.bbs.qmzdd.com/127.0.0.1#5353
-ipset=/.bbs.qmzdd.com/gfwlist
-server=/.bbs.sina.com/127.0.0.1#5353
-ipset=/.bbs.sina.com/gfwlist
-server=/.bbs.skykiwi.com/127.0.0.1#5353
-ipset=/.bbs.skykiwi.com/gfwlist
-server=/.bbs.tuitui.info/127.0.0.1#5353
-ipset=/.bbs.tuitui.info/gfwlist
-server=/.bbsdigest.com/127.0.0.1#5353
-ipset=/.bbsdigest.com/gfwlist
-server=/.bbsfeed.com/127.0.0.1#5353
-ipset=/.bbsfeed.com/gfwlist
-server=/.bbsland.com/127.0.0.1#5353
-ipset=/.bbsland.com/gfwlist
-server=/.bbsone.com/127.0.0.1#5353
-ipset=/.bbsone.com/gfwlist
-server=/.bcchinese.net/127.0.0.1#5353
-ipset=/.bcchinese.net/gfwlist
-server=/.bebo.com/127.0.0.1#5353
-ipset=/.bebo.com/gfwlist
-server=/.beeg.com/127.0.0.1#5353
-ipset=/.beeg.com/gfwlist
-server=/.beevpn.com/127.0.0.1#5353
-ipset=/.beevpn.com/gfwlist
-server=/.behindkink.com/127.0.0.1#5353
-ipset=/.behindkink.com/gfwlist
-server=/.beijing1989.com/127.0.0.1#5353
-ipset=/.beijing1989.com/gfwlist
-server=/.beijingspring.com/127.0.0.1#5353
-ipset=/.beijingspring.com/gfwlist
-server=/.beric.me/127.0.0.1#5353
-ipset=/.beric.me/gfwlist
-server=/.berlintwitterwall.com/127.0.0.1#5353
-ipset=/.berlintwitterwall.com/gfwlist
-server=/.bestforchina.org/127.0.0.1#5353
-ipset=/.bestforchina.org/gfwlist
-server=/.bestvpn.com/127.0.0.1#5353
-ipset=/.bestvpn.com/gfwlist
-server=/.bestvpnservice.com/127.0.0.1#5353
-ipset=/.bestvpnservice.com/gfwlist
-server=/.bestvpnusa.com/127.0.0.1#5353
-ipset=/.bestvpnusa.com/gfwlist
-server=/.bet365.com/127.0.0.1#5353
-ipset=/.bet365.com/gfwlist
-server=/.beta.usejump.com/127.0.0.1#5353
-ipset=/.beta.usejump.com/gfwlist
-server=/.betfair.com/127.0.0.1#5353
-ipset=/.betfair.com/gfwlist
-server=/.bettervpn.com/127.0.0.1#5353
-ipset=/.bettervpn.com/gfwlist
-server=/.bettween.com/127.0.0.1#5353
-ipset=/.bettween.com/gfwlist
-server=/.betvictor.com/127.0.0.1#5353
-ipset=/.betvictor.com/gfwlist
-server=/.bewww.net/127.0.0.1#5353
-ipset=/.bewww.net/gfwlist
-server=/.beyondfirewall.com/127.0.0.1#5353
-ipset=/.beyondfirewall.com/gfwlist
-server=/.bfnn.org/127.0.0.1#5353
-ipset=/.bfnn.org/gfwlist
-server=/.bfsh.hk/127.0.0.1#5353
-ipset=/.bfsh.hk/gfwlist
-server=/.bgvpn.com/127.0.0.1#5353
-ipset=/.bgvpn.com/gfwlist
-server=/.biantailajiao.com/127.0.0.1#5353
-ipset=/.biantailajiao.com/gfwlist
-server=/.biantailajiao.in/127.0.0.1#5353
-ipset=/.biantailajiao.in/gfwlist
-server=/.biblesforamerica.org/127.0.0.1#5353
-ipset=/.biblesforamerica.org/gfwlist
-server=/.bic2011.org/127.0.0.1#5353
-ipset=/.bic2011.org/gfwlist
-server=/.bigfools.com/127.0.0.1#5353
-ipset=/.bigfools.com/gfwlist
-server=/.bigjapanesesex.com/127.0.0.1#5353
-ipset=/.bigjapanesesex.com/gfwlist
-server=/.bignews.org/127.0.0.1#5353
-ipset=/.bignews.org/gfwlist
-server=/.bigsound.org/127.0.0.1#5353
-ipset=/.bigsound.org/gfwlist
-server=/.bill.zhong.pp.ru/127.0.0.1#5353
-ipset=/.bill.zhong.pp.ru/gfwlist
-server=/.billypan.com/127.0.0.1#5353
-ipset=/.billypan.com/gfwlist
-server=/.billywr.com/127.0.0.1#5353
-ipset=/.billywr.com/gfwlist
-server=/.bipic.net/127.0.0.1#5353
-ipset=/.bipic.net/gfwlist
-server=/.bit.ly/127.0.0.1#5353
-ipset=/.bit.ly/gfwlist
-server=/.bitcointalk.org/127.0.0.1#5353
-ipset=/.bitcointalk.org/gfwlist
-server=/.bitshare.com/127.0.0.1#5353
-ipset=/.bitshare.com/gfwlist
-server=/.bitsnoop.com/127.0.0.1#5353
-ipset=/.bitsnoop.com/gfwlist
-server=/.bjzc.org/127.0.0.1#5353
-ipset=/.bjzc.org/gfwlist
-server=/.blacklogic.com/127.0.0.1#5353
-ipset=/.blacklogic.com/gfwlist
-server=/.blackvpn.com/127.0.0.1#5353
-ipset=/.blackvpn.com/gfwlist
-server=/.blinkx.com/127.0.0.1#5353
-ipset=/.blinkx.com/gfwlist
-server=/.blinw.com/127.0.0.1#5353
-ipset=/.blinw.com/gfwlist
-server=/.blip.tv/127.0.0.1#5353
-ipset=/.blip.tv/gfwlist
-server=/.blockcn.com/127.0.0.1#5353
-ipset=/.blockcn.com/gfwlist
-server=/.blog.cnyes.com/127.0.0.1#5353
-ipset=/.blog.cnyes.com/gfwlist
-server=/.blog.de/127.0.0.1#5353
-ipset=/.blog.de/gfwlist
-server=/.blog.exblog.co.jp/127.0.0.1#5353
-ipset=/.blog.exblog.co.jp/gfwlist
-server=/.blog.excite.co.jp/127.0.0.1#5353
-ipset=/.blog.excite.co.jp/gfwlist
-server=/.blog.expofutures.com/127.0.0.1#5353
-ipset=/.blog.expofutures.com/gfwlist
-server=/.blog.fizzik.com/127.0.0.1#5353
-ipset=/.blog.fizzik.com/gfwlist
-server=/.blog.foolsmountain.com/127.0.0.1#5353
-ipset=/.blog.foolsmountain.com/gfwlist
-server=/.blog.istef.info/127.0.0.1#5353
-ipset=/.blog.istef.info/gfwlist
-server=/.blog.jackjia.com/127.0.0.1#5353
-ipset=/.blog.jackjia.com/gfwlist
-server=/.blog.kangye.org/127.0.0.1#5353
-ipset=/.blog.kangye.org/gfwlist
-server=/.blog.lester850.info/127.0.0.1#5353
-ipset=/.blog.lester850.info/gfwlist
-server=/.blog.openinkpot.org/127.0.0.1#5353
-ipset=/.blog.openinkpot.org/gfwlist
-server=/.blog.pathtosharepoint.com/127.0.0.1#5353
-ipset=/.blog.pathtosharepoint.com/gfwlist
-server=/.blog.pentalogic.net/127.0.0.1#5353
-ipset=/.blog.pentalogic.net/gfwlist
-server=/.blog.qooza.hk/127.0.0.1#5353
-ipset=/.blog.qooza.hk/gfwlist
-server=/.blog.ranxiang.com/127.0.0.1#5353
-ipset=/.blog.ranxiang.com/gfwlist
-server=/.blog.sogoo.org/127.0.0.1#5353
-ipset=/.blog.sogoo.org/gfwlist
-server=/.blog.syx86.cn/127.0.0.1#5353
-ipset=/.blog.syx86.cn/gfwlist
-server=/.blog.syx86.com/127.0.0.1#5353
-ipset=/.blog.syx86.com/gfwlist
-server=/.blog.taragana.com/127.0.0.1#5353
-ipset=/.blog.taragana.com/gfwlist
-server=/.blog.tiney.com/127.0.0.1#5353
-ipset=/.blog.tiney.com/gfwlist
-server=/.blog.xuite.net/127.0.0.1#5353
-ipset=/.blog.xuite.net/gfwlist
-server=/.blog.youxu.info/127.0.0.1#5353
-ipset=/.blog.youxu.info/gfwlist
-server=/.blogblog.com/127.0.0.1#5353
-ipset=/.blogblog.com/gfwlist
-server=/.blogcatalog.com/127.0.0.1#5353
-ipset=/.blogcatalog.com/gfwlist
-server=/.blogcity.me/127.0.0.1#5353
-ipset=/.blogcity.me/gfwlist
-server=/.blogger.com/127.0.0.1#5353
-ipset=/.blogger.com/gfwlist
-server=/.blogimg.jp/127.0.0.1#5353
-ipset=/.blogimg.jp/gfwlist
-server=/.bloglines.com/127.0.0.1#5353
-ipset=/.bloglines.com/gfwlist
-server=/.bloglovin.com/127.0.0.1#5353
-ipset=/.bloglovin.com/gfwlist
-server=/.blogs.icerocket.com/127.0.0.1#5353
-ipset=/.blogs.icerocket.com/gfwlist
-server=/.blogs.tampabay.com/127.0.0.1#5353
-ipset=/.blogs.tampabay.com/gfwlist
-server=/.blogs.yahoo.co.jp/127.0.0.1#5353
-ipset=/.blogs.yahoo.co.jp/gfwlist
-server=/.blogspot.com/127.0.0.1#5353
-ipset=/.blogspot.com/gfwlist
-server=/.blogspot.hk/127.0.0.1#5353
-ipset=/.blogspot.hk/gfwlist
-server=/.blogspot.it/127.0.0.1#5353
-ipset=/.blogspot.it/gfwlist
-server=/.blogspot.jp/127.0.0.1#5353
-ipset=/.blogspot.jp/gfwlist
-server=/.blogspot.sg/127.0.0.1#5353
-ipset=/.blogspot.sg/gfwlist
-server=/.blogtd.net/127.0.0.1#5353
-ipset=/.blogtd.net/gfwlist
-server=/.blogtd.org/127.0.0.1#5353
-ipset=/.blogtd.org/gfwlist
-server=/.bloodshed.net/127.0.0.1#5353
-ipset=/.bloodshed.net/gfwlist
-server=/.bloomberg.cn/127.0.0.1#5353
-ipset=/.bloomberg.cn/gfwlist
-server=/.bloomberg.com/127.0.0.1#5353
-ipset=/.bloomberg.com/gfwlist
-server=/.bloomberg.de/127.0.0.1#5353
-ipset=/.bloomberg.de/gfwlist
-server=/.bloomfortune.com/127.0.0.1#5353
-ipset=/.bloomfortune.com/gfwlist
-server=/.bnrmetal.com/127.0.0.1#5353
-ipset=/.bnrmetal.com/gfwlist
-server=/.boardreader.com/127.0.0.1#5353
-ipset=/.boardreader.com/gfwlist
-server=/.bod.asia/127.0.0.1#5353
-ipset=/.bod.asia/gfwlist
-server=/.bolehvpn.net/127.0.0.1#5353
-ipset=/.bolehvpn.net/gfwlist
-server=/.bolin.netfirms.com/127.0.0.1#5353
-ipset=/.bolin.netfirms.com/gfwlist
-server=/.bonbonme.com/127.0.0.1#5353
-ipset=/.bonbonme.com/gfwlist
-server=/.bonbonsex.com/127.0.0.1#5353
-ipset=/.bonbonsex.com/gfwlist
-server=/.boobstagram.com/127.0.0.1#5353
-ipset=/.boobstagram.com/gfwlist
-server=/.book.zi5.me/127.0.0.1#5353
-ipset=/.book.zi5.me/gfwlist
-server=/.bookepub.com/127.0.0.1#5353
-ipset=/.bookepub.com/gfwlist
-server=/.bot.nu/127.0.0.1#5353
-ipset=/.bot.nu/gfwlist
-server=/.botanwang.com/127.0.0.1#5353
-ipset=/.botanwang.com/gfwlist
-server=/.bowenpress.com/127.0.0.1#5353
-ipset=/.bowenpress.com/gfwlist
-server=/.boxpn.com/127.0.0.1#5353
-ipset=/.boxpn.com/gfwlist
-server=/.boxun.com/127.0.0.1#5353
-ipset=/.boxun.com/gfwlist
-server=/.boxun.tv/127.0.0.1#5353
-ipset=/.boxun.tv/gfwlist
-server=/.boxunblog.com/127.0.0.1#5353
-ipset=/.boxunblog.com/gfwlist
-server=/.boxunclub.com/127.0.0.1#5353
-ipset=/.boxunclub.com/gfwlist
-server=/.boyfriendtv.com/127.0.0.1#5353
-ipset=/.boyfriendtv.com/gfwlist
-server=/.boysmaster.com/127.0.0.1#5353
-ipset=/.boysmaster.com/gfwlist
-server=/.br.hao123.com/127.0.0.1#5353
-ipset=/.br.hao123.com/gfwlist
-server=/.br.st/127.0.0.1#5353
-ipset=/.br.st/gfwlist
-server=/.bralio.com/127.0.0.1#5353
-ipset=/.bralio.com/gfwlist
-server=/.branch.com/127.0.0.1#5353
-ipset=/.branch.com/gfwlist
-server=/.brandonhutchinson.com/127.0.0.1#5353
-ipset=/.brandonhutchinson.com/gfwlist
-server=/.braumeister.org/127.0.0.1#5353
-ipset=/.braumeister.org/gfwlist
-server=/.bravotube.net/127.0.0.1#5353
-ipset=/.bravotube.net/gfwlist
-server=/.brazzers.com/127.0.0.1#5353
-ipset=/.brazzers.com/gfwlist
-server=/.break.com/127.0.0.1#5353
-ipset=/.break.com/gfwlist
-server=/.breakgfw.com/127.0.0.1#5353
-ipset=/.breakgfw.com/gfwlist
-server=/.breakingtweets.com/127.0.0.1#5353
-ipset=/.breakingtweets.com/gfwlist
-server=/.breakwall.net/127.0.0.1#5353
-ipset=/.breakwall.net/gfwlist
-server=/.briefdream.com/127.0.0.1#5353
-ipset=/.briefdream.com/gfwlist
-server=/.briian.com/127.0.0.1#5353
-ipset=/.briian.com/gfwlist
-server=/.brizzly.com/127.0.0.1#5353
-ipset=/.brizzly.com/gfwlist
-server=/.broadbook.com/127.0.0.1#5353
-ipset=/.broadbook.com/gfwlist
-server=/.broadpressinc.com/127.0.0.1#5353
-ipset=/.broadpressinc.com/gfwlist
-server=/.brucewang.net/127.0.0.1#5353
-ipset=/.brucewang.net/gfwlist
-server=/.brutaltgp.com/127.0.0.1#5353
-ipset=/.brutaltgp.com/gfwlist
-server=/.bt95.com/127.0.0.1#5353
-ipset=/.bt95.com/gfwlist
-server=/.btdigg.org/127.0.0.1#5353
-ipset=/.btdigg.org/gfwlist
-server=/.btku.me/127.0.0.1#5353
-ipset=/.btku.me/gfwlist
-server=/.btspread.com/127.0.0.1#5353
-ipset=/.btspread.com/gfwlist
-server=/.budaedu.org/127.0.0.1#5353
-ipset=/.budaedu.org/gfwlist
-server=/.bugclub.org/127.0.0.1#5353
-ipset=/.bugclub.org/gfwlist
-server=/.bullog.org/127.0.0.1#5353
-ipset=/.bullog.org/gfwlist
-server=/.bullogger.com/127.0.0.1#5353
-ipset=/.bullogger.com/gfwlist
-server=/.businessinsider.com/127.0.0.1#5353
-ipset=/.businessinsider.com/gfwlist
-server=/.businessweek.com/127.0.0.1#5353
-ipset=/.businessweek.com/gfwlist
-server=/.busu.org/127.0.0.1#5353
-ipset=/.busu.org/gfwlist
-server=/.buugaa.com/127.0.0.1#5353
-ipset=/.buugaa.com/gfwlist
-server=/.buzzhand.com/127.0.0.1#5353
-ipset=/.buzzhand.com/gfwlist
-server=/.buzzhand.net/127.0.0.1#5353
-ipset=/.buzzhand.net/gfwlist
-server=/.buzzurl.jp/127.0.0.1#5353
-ipset=/.buzzurl.jp/gfwlist
-server=/.bwsj.hk/127.0.0.1#5353
-ipset=/.bwsj.hk/gfwlist
-server=/.bx.tl/127.0.0.1#5353
-ipset=/.bx.tl/gfwlist
-server=/.c1522.mooo.com/127.0.0.1#5353
-ipset=/.c1522.mooo.com/gfwlist
-server=/.cachinese.com/127.0.0.1#5353
-ipset=/.cachinese.com/gfwlist
-server=/.cacnw.com/127.0.0.1#5353
-ipset=/.cacnw.com/gfwlist
-server=/.cactusvpn.com/127.0.0.1#5353
-ipset=/.cactusvpn.com/gfwlist
-server=/.cafepress.com/127.0.0.1#5353
-ipset=/.cafepress.com/gfwlist
-server=/.calameo.com/127.0.0.1#5353
-ipset=/.calameo.com/gfwlist
-server=/.calebelston.com/127.0.0.1#5353
-ipset=/.calebelston.com/gfwlist
-server=/.calgarychinese.ca/127.0.0.1#5353
-ipset=/.calgarychinese.ca/gfwlist
-server=/.calgarychinese.com/127.0.0.1#5353
-ipset=/.calgarychinese.com/gfwlist
-server=/.calgarychinese.net/127.0.0.1#5353
-ipset=/.calgarychinese.net/gfwlist
-server=/.cam4.com/127.0.0.1#5353
-ipset=/.cam4.com/gfwlist
-server=/.cam4.jp/127.0.0.1#5353
-ipset=/.cam4.jp/gfwlist
-server=/.cam4.sg/127.0.0.1#5353
-ipset=/.cam4.sg/gfwlist
-server=/.camfrog.com/127.0.0.1#5353
-ipset=/.camfrog.com/gfwlist
-server=/.cams.com/127.0.0.1#5353
-ipset=/.cams.com/gfwlist
-server=/.cams.org.sg/127.0.0.1#5353
-ipset=/.cams.org.sg/gfwlist
-server=/.canadameet.com/127.0.0.1#5353
-ipset=/.canadameet.com/gfwlist
-server=/.canyu.org/127.0.0.1#5353
-ipset=/.canyu.org/gfwlist
-server=/.cao.im/127.0.0.1#5353
-ipset=/.cao.im/gfwlist
-server=/.caobian.info/127.0.0.1#5353
-ipset=/.caobian.info/gfwlist
-server=/.caochangqing.com/127.0.0.1#5353
-ipset=/.caochangqing.com/gfwlist
-server=/.cap.org.hk/127.0.0.1#5353
-ipset=/.cap.org.hk/gfwlist
-server=/.cardinalkungfoundation.org/127.0.0.1#5353
-ipset=/.cardinalkungfoundation.org/gfwlist
-server=/.carfax.com/127.0.0.1#5353
-ipset=/.carfax.com/gfwlist
-server=/.cari.com.my/127.0.0.1#5353
-ipset=/.cari.com.my/gfwlist
-server=/.caribbeancom.com/127.0.0.1#5353
-ipset=/.caribbeancom.com/gfwlist
-server=/.casatibet.org.mx/127.0.0.1#5353
-ipset=/.casatibet.org.mx/gfwlist
-server=/.casinobellini.com/127.0.0.1#5353
-ipset=/.casinobellini.com/gfwlist
-server=/.catch22.net/127.0.0.1#5353
-ipset=/.catch22.net/gfwlist
-server=/.catfightpayperview.xxx/127.0.0.1#5353
-ipset=/.catfightpayperview.xxx/gfwlist
-server=/.catholic.org.hk/127.0.0.1#5353
-ipset=/.catholic.org.hk/gfwlist
-server=/.cattt.com/127.0.0.1#5353
-ipset=/.cattt.com/gfwlist
-server=/.cbc.ca/127.0.0.1#5353
-ipset=/.cbc.ca/gfwlist
-server=/.cbsnews.com/127.0.0.1#5353
-ipset=/.cbsnews.com/gfwlist
-server=/.cbtc.org.hk/127.0.0.1#5353
-ipset=/.cbtc.org.hk/gfwlist
-server=/.ccdtr.org/127.0.0.1#5353
-ipset=/.ccdtr.org/gfwlist
-server=/.ccim.org/127.0.0.1#5353
-ipset=/.ccim.org/gfwlist
-server=/.cclife.ca/127.0.0.1#5353
-ipset=/.cclife.ca/gfwlist
-server=/.cclife.org/127.0.0.1#5353
-ipset=/.cclife.org/gfwlist
-server=/.cclifefl.org/127.0.0.1#5353
-ipset=/.cclifefl.org/gfwlist
-server=/.ccthere.com/127.0.0.1#5353
-ipset=/.ccthere.com/gfwlist
-server=/.cctongbao.com/127.0.0.1#5353
-ipset=/.cctongbao.com/gfwlist
-server=/.ccue.ca/127.0.0.1#5353
-ipset=/.ccue.ca/gfwlist
-server=/.ccue.com/127.0.0.1#5353
-ipset=/.ccue.com/gfwlist
-server=/.cdbook.org/127.0.0.1#5353
-ipset=/.cdbook.org/gfwlist
-server=/.cdd.me/127.0.0.1#5353
-ipset=/.cdd.me/gfwlist
-server=/.cdef.org/127.0.0.1#5353
-ipset=/.cdef.org/gfwlist
-server=/.cdig.info/127.0.0.1#5353
-ipset=/.cdig.info/gfwlist
-server=/.cdjp.org/127.0.0.1#5353
-ipset=/.cdjp.org/gfwlist
-server=/.cdn.helixstudios.net/127.0.0.1#5353
-ipset=/.cdn.helixstudios.net/gfwlist
-server=/.cdn.printfriendly.com/127.0.0.1#5353
-ipset=/.cdn.printfriendly.com/gfwlist
-server=/.cdn.softlayer.net/127.0.0.1#5353
-ipset=/.cdn.softlayer.net/gfwlist
-server=/.cdninstagram.com/127.0.0.1#5353
-ipset=/.cdninstagram.com/gfwlist
-server=/.cdp1989.org/127.0.0.1#5353
-ipset=/.cdp1989.org/gfwlist
-server=/.cdp1998.org/127.0.0.1#5353
-ipset=/.cdp1998.org/gfwlist
-server=/.cdp2006.org/127.0.0.1#5353
-ipset=/.cdp2006.org/gfwlist
-server=/.cdpeu.org/127.0.0.1#5353
-ipset=/.cdpeu.org/gfwlist
-server=/.cdpusa.org/127.0.0.1#5353
-ipset=/.cdpusa.org/gfwlist
-server=/.cdpweb.org/127.0.0.1#5353
-ipset=/.cdpweb.org/gfwlist
-server=/.cdpwu.org/127.0.0.1#5353
-ipset=/.cdpwu.org/gfwlist
-server=/.cdw.com/127.0.0.1#5353
-ipset=/.cdw.com/gfwlist
-server=/.cecc.gov/127.0.0.1#5353
-ipset=/.cecc.gov/gfwlist
-server=/.cellulo.info/127.0.0.1#5353
-ipset=/.cellulo.info/gfwlist
-server=/.cenci.tk/127.0.0.1#5353
-ipset=/.cenci.tk/gfwlist
-server=/.cenews.eu/127.0.0.1#5353
-ipset=/.cenews.eu/gfwlist
-server=/.centauro.com.br/127.0.0.1#5353
-ipset=/.centauro.com.br/gfwlist
-server=/.centerforhumanreprod.com/127.0.0.1#5353
-ipset=/.centerforhumanreprod.com/gfwlist
-server=/.centralnation.com/127.0.0.1#5353
-ipset=/.centralnation.com/gfwlist
-server=/.centurys.net/127.0.0.1#5353
-ipset=/.centurys.net/gfwlist
-server=/.certificate.revocationcheck.com/127.0.0.1#5353
-ipset=/.certificate.revocationcheck.com/gfwlist
-server=/.c-est-simple.com/127.0.0.1#5353
-ipset=/.c-est-simple.com/gfwlist
-server=/.cfhks.org.hk/127.0.0.1#5353
-ipset=/.cfhks.org.hk/gfwlist
-server=/.cftfc.com/127.0.0.1#5353
-ipset=/.cftfc.com/gfwlist
-server=/.cgdepot.org/127.0.0.1#5353
-ipset=/.cgdepot.org/gfwlist
-server=/.cgst.edu/127.0.0.1#5353
-ipset=/.cgst.edu/gfwlist
-server=/.ch.shvoong.com/127.0.0.1#5353
-ipset=/.ch.shvoong.com/gfwlist
-server=/.chandoo.org/127.0.0.1#5353
-ipset=/.chandoo.org/gfwlist
-server=/.change.org/127.0.0.1#5353
-ipset=/.change.org/gfwlist
-server=/.changp.com/127.0.0.1#5353
-ipset=/.changp.com/gfwlist
-server=/.chapm25.com/127.0.0.1#5353
-ipset=/.chapm25.com/gfwlist
-server=/.chaturbate.com/127.0.0.1#5353
-ipset=/.chaturbate.com/gfwlist
-server=/.chengmingmag.com/127.0.0.1#5353
-ipset=/.chengmingmag.com/gfwlist
-server=/.chenguangcheng.com/127.0.0.1#5353
-ipset=/.chenguangcheng.com/gfwlist
-server=/.chenpokong.com/127.0.0.1#5353
-ipset=/.chenpokong.com/gfwlist
-server=/.chenshan20042005.wordpress.com/127.0.0.1#5353
-ipset=/.chenshan20042005.wordpress.com/gfwlist
-server=/.cherrysave.com/127.0.0.1#5353
-ipset=/.cherrysave.com/gfwlist
-server=/.chhongbi.org/127.0.0.1#5353
-ipset=/.chhongbi.org/gfwlist
-server=/.chicagoncmtv.com/127.0.0.1#5353
-ipset=/.chicagoncmtv.com/gfwlist
-server=/.china.hket.com/127.0.0.1#5353
-ipset=/.china.hket.com/gfwlist
-server=/.china.ucanews.com/127.0.0.1#5353
-ipset=/.china.ucanews.com/gfwlist
-server=/.china101.com/127.0.0.1#5353
-ipset=/.china101.com/gfwlist
-server=/.china18.org/127.0.0.1#5353
-ipset=/.china18.org/gfwlist
-server=/.china21.com/127.0.0.1#5353
-ipset=/.china21.com/gfwlist
-server=/.china21.org/127.0.0.1#5353
-ipset=/.china21.org/gfwlist
-server=/.china5000.us/127.0.0.1#5353
-ipset=/.china5000.us/gfwlist
-server=/.chinaaffairs.org/127.0.0.1#5353
-ipset=/.chinaaffairs.org/gfwlist
-server=/.chinaaid.me/127.0.0.1#5353
-ipset=/.chinaaid.me/gfwlist
-server=/.chinaaid.net/127.0.0.1#5353
-ipset=/.chinaaid.net/gfwlist
-server=/.chinaaid.org/127.0.0.1#5353
-ipset=/.chinaaid.org/gfwlist
-server=/.chinaaid.us/127.0.0.1#5353
-ipset=/.chinaaid.us/gfwlist
-server=/.chinachange.org/127.0.0.1#5353
-ipset=/.chinachange.org/gfwlist
-server=/.chinachannel.hk/127.0.0.1#5353
-ipset=/.chinachannel.hk/gfwlist
-server=/.chinacitynews.be/127.0.0.1#5353
-ipset=/.chinacitynews.be/gfwlist
-server=/.chinacomments.org/127.0.0.1#5353
-ipset=/.chinacomments.org/gfwlist
-server=/.chinadigitaltimes.net/127.0.0.1#5353
-ipset=/.chinadigitaltimes.net/gfwlist
-server=/.chinaelections.org/127.0.0.1#5353
-ipset=/.chinaelections.org/gfwlist
-server=/.chinaeweekly.com/127.0.0.1#5353
-ipset=/.chinaeweekly.com/gfwlist
-server=/.chinafreepress.org/127.0.0.1#5353
-ipset=/.chinafreepress.org/gfwlist
-server=/.chinagate.com/127.0.0.1#5353
-ipset=/.chinagate.com/gfwlist
-server=/.chinageeks.org/127.0.0.1#5353
-ipset=/.chinageeks.org/gfwlist
-server=/.chinagfw.org/127.0.0.1#5353
-ipset=/.chinagfw.org/gfwlist
-server=/.chinagreenparty.org/127.0.0.1#5353
-ipset=/.chinagreenparty.org/gfwlist
-server=/.chinahorizon.org/127.0.0.1#5353
-ipset=/.chinahorizon.org/gfwlist
-server=/.chinahush.com/127.0.0.1#5353
-ipset=/.chinahush.com/gfwlist
-server=/.chinainperspective.com/127.0.0.1#5353
-ipset=/.chinainperspective.com/gfwlist
-server=/.chinainperspective.net/127.0.0.1#5353
-ipset=/.chinainperspective.net/gfwlist
-server=/.chinainperspective.org/127.0.0.1#5353
-ipset=/.chinainperspective.org/gfwlist
-server=/.chinainterimgov.org/127.0.0.1#5353
-ipset=/.chinainterimgov.org/gfwlist
-server=/.chinalaborwatch.org/127.0.0.1#5353
-ipset=/.chinalaborwatch.org/gfwlist
-server=/.chinalawandpolicy.com/127.0.0.1#5353
-ipset=/.chinalawandpolicy.com/gfwlist
-server=/.chinalawtranslate.com/127.0.0.1#5353
-ipset=/.chinalawtranslate.com/gfwlist
-server=/.china-mmm.jp.net/127.0.0.1#5353
-ipset=/.china-mmm.jp.net/gfwlist
-server=/.china-mmm.net/127.0.0.1#5353
-ipset=/.china-mmm.net/gfwlist
-server=/.chinamule.com/127.0.0.1#5353
-ipset=/.chinamule.com/gfwlist
-server=/.chinamz.org/127.0.0.1#5353
-ipset=/.chinamz.org/gfwlist
-server=/.chinapress.com.my/127.0.0.1#5353
-ipset=/.chinapress.com.my/gfwlist
-server=/.chinarightsia.org/127.0.0.1#5353
-ipset=/.chinarightsia.org/gfwlist
-server=/.chinasmile.net/127.0.0.1#5353
-ipset=/.chinasmile.net/gfwlist
-server=/.chinasocialdemocraticparty.com/127.0.0.1#5353
-ipset=/.chinasocialdemocraticparty.com/gfwlist
-server=/.chinasoul.org/127.0.0.1#5353
-ipset=/.chinasoul.org/gfwlist
-server=/.chinasucks.net/127.0.0.1#5353
-ipset=/.chinasucks.net/gfwlist
-server=/.chinatimes.com/127.0.0.1#5353
-ipset=/.chinatimes.com/gfwlist
-server=/.chinatopsex.com/127.0.0.1#5353
-ipset=/.chinatopsex.com/gfwlist
-server=/.chinatweeps.com/127.0.0.1#5353
-ipset=/.chinatweeps.com/gfwlist
-server=/.chinaway.org/127.0.0.1#5353
-ipset=/.chinaway.org/gfwlist
-server=/.china-week.com/127.0.0.1#5353
-ipset=/.china-week.com/gfwlist
-server=/.chinaworker.info/127.0.0.1#5353
-ipset=/.chinaworker.info/gfwlist
-server=/.chinaxchina.com/127.0.0.1#5353
-ipset=/.chinaxchina.com/gfwlist
-server=/.chinayouth.org.hk/127.0.0.1#5353
-ipset=/.chinayouth.org.hk/gfwlist
-server=/.chinayuanmin.org/127.0.0.1#5353
-ipset=/.chinayuanmin.org/gfwlist
-server=/.chinese.engadget.com/127.0.0.1#5353
-ipset=/.chinese.engadget.com/gfwlist
-server=/.chinese.irib.ir/127.0.0.1#5353
-ipset=/.chinese.irib.ir/gfwlist
-server=/.chinese.rnw.nl/127.0.0.1#5353
-ipset=/.chinese.rnw.nl/gfwlist
-server=/.chinese.soifind.com/127.0.0.1#5353
-ipset=/.chinese.soifind.com/gfwlist
-server=/.chinesedaily.com/127.0.0.1#5353
-ipset=/.chinesedaily.com/gfwlist
-server=/.chinesedailynews.com/127.0.0.1#5353
-ipset=/.chinesedailynews.com/gfwlist
-server=/.chinesedemocracy.com/127.0.0.1#5353
-ipset=/.chinesedemocracy.com/gfwlist
-server=/.chinese-hermit.net/127.0.0.1#5353
-ipset=/.chinese-hermit.net/gfwlist
-server=/.chinese-leaders.org/127.0.0.1#5353
-ipset=/.chinese-leaders.org/gfwlist
-server=/.chinese-memorial.org/127.0.0.1#5353
-ipset=/.chinese-memorial.org/gfwlist
-server=/.chinesen.de/127.0.0.1#5353
-ipset=/.chinesen.de/gfwlist
-server=/.chinesepen.org/127.0.0.1#5353
-ipset=/.chinesepen.org/gfwlist
-server=/.chinesetalks.net/127.0.0.1#5353
-ipset=/.chinesetalks.net/gfwlist
-server=/.chingcheong.com/127.0.0.1#5353
-ipset=/.chingcheong.com/gfwlist
-server=/.chithu.org/127.0.0.1#5353
-ipset=/.chithu.org/gfwlist
-server=/.chn.chosun.com/127.0.0.1#5353
-ipset=/.chn.chosun.com/gfwlist
-server=/.chrdnet.com/127.0.0.1#5353
-ipset=/.chrdnet.com/gfwlist
-server=/.christianstudy.com/127.0.0.1#5353
-ipset=/.christianstudy.com/gfwlist
-server=/.christiantimes.org.hk/127.0.0.1#5353
-ipset=/.christiantimes.org.hk/gfwlist
-server=/.christusrex.org/127.0.0.1#5353
-ipset=/.christusrex.org/gfwlist
-server=/.chrlawyers.hk/127.0.0.1#5353
-ipset=/.chrlawyers.hk/gfwlist
-server=/.chrome.com/127.0.0.1#5353
-ipset=/.chrome.com/gfwlist
-server=/.chromeadblock.com/127.0.0.1#5353
-ipset=/.chromeadblock.com/gfwlist
-server=/.chromecast.com/127.0.0.1#5353
-ipset=/.chromecast.com/gfwlist
-server=/.chromeexperiments.com/127.0.0.1#5353
-ipset=/.chromeexperiments.com/gfwlist
-server=/.chromercise.com/127.0.0.1#5353
-ipset=/.chromercise.com/gfwlist
-server=/.chromium.org/127.0.0.1#5353
-ipset=/.chromium.org/gfwlist
-server=/.chuang-yen.org/127.0.0.1#5353
-ipset=/.chuang-yen.org/gfwlist
-server=/.chuantupian.com/127.0.0.1#5353
-ipset=/.chuantupian.com/gfwlist
-server=/.chubun.com/127.0.0.1#5353
-ipset=/.chubun.com/gfwlist
-server=/.chuizi.net/127.0.0.1#5353
-ipset=/.chuizi.net/gfwlist
-server=/.cipfg.org/127.0.0.1#5353
-ipset=/.cipfg.org/gfwlist
-server=/.circlethebayfortibet.org/127.0.0.1#5353
-ipset=/.circlethebayfortibet.org/gfwlist
-server=/.citizenlab.org/127.0.0.1#5353
-ipset=/.citizenlab.org/gfwlist
-server=/.citizenscommission.hk/127.0.0.1#5353
-ipset=/.citizenscommission.hk/gfwlist
-server=/.citizensradio.org/127.0.0.1#5353
-ipset=/.citizensradio.org/gfwlist
-server=/.city365.ca/127.0.0.1#5353
-ipset=/.city365.ca/gfwlist
-server=/.city9x.com/127.0.0.1#5353
-ipset=/.city9x.com/gfwlist
-server=/.civicparty.hk/127.0.0.1#5353
-ipset=/.civicparty.hk/gfwlist
-server=/.civilhrfront.org/127.0.0.1#5353
-ipset=/.civilhrfront.org/gfwlist
-server=/.ck101.com/127.0.0.1#5353
-ipset=/.ck101.com/gfwlist
-server=/.cl.d0z.net/127.0.0.1#5353
-ipset=/.cl.d0z.net/gfwlist
-server=/.cl.ly/127.0.0.1#5353
-ipset=/.cl.ly/gfwlist
-server=/.clarionproject.org/127.0.0.1#5353
-ipset=/.clarionproject.org/gfwlist
-server=/.classicalguitarblog.net/127.0.0.1#5353
-ipset=/.classicalguitarblog.net/gfwlist
-server=/.clb.org.hk/127.0.0.1#5353
-ipset=/.clb.org.hk/gfwlist
-server=/.clearharmony.net/127.0.0.1#5353
-ipset=/.clearharmony.net/gfwlist
-server=/.clearwisdom.net/127.0.0.1#5353
-ipset=/.clearwisdom.net/gfwlist
-server=/.cling.omy.sg/127.0.0.1#5353
-ipset=/.cling.omy.sg/gfwlist
-server=/.clipfish.de/127.0.0.1#5353
-ipset=/.clipfish.de/gfwlist
-server=/.cloakpoint.com/127.0.0.1#5353
-ipset=/.cloakpoint.com/gfwlist
-server=/.club1069.com/127.0.0.1#5353
-ipset=/.club1069.com/gfwlist
-server=/.cmp.hku.hk/127.0.0.1#5353
-ipset=/.cmp.hku.hk/gfwlist
-server=/.cms.gov/127.0.0.1#5353
-ipset=/.cms.gov/gfwlist
-server=/.cmule.com/127.0.0.1#5353
-ipset=/.cmule.com/gfwlist
-server=/.cmule.org/127.0.0.1#5353
-ipset=/.cmule.org/gfwlist
-server=/.cn.calameo.com/127.0.0.1#5353
-ipset=/.cn.calameo.com/gfwlist
-server=/.cn.dayabook.com/127.0.0.1#5353
-ipset=/.cn.dayabook.com/gfwlist
-server=/.cn.fmnnow.com/127.0.0.1#5353
-ipset=/.cn.fmnnow.com/gfwlist
-server=/.cn.freeones.com/127.0.0.1#5353
-ipset=/.cn.freeones.com/gfwlist
-server=/.cn.giganews.com/127.0.0.1#5353
-ipset=/.cn.giganews.com/gfwlist
-server=/.cn.ibtimes.com/127.0.0.1#5353
-ipset=/.cn.ibtimes.com/gfwlist
-server=/.cn.shafaqna.com/127.0.0.1#5353
-ipset=/.cn.shafaqna.com/gfwlist
-server=/.cn.streetvoice.com/127.0.0.1#5353
-ipset=/.cn.streetvoice.com/gfwlist
-server=/.cn.uncyclopedia.wikia.com/127.0.0.1#5353
-ipset=/.cn.uncyclopedia.wikia.com/gfwlist
-server=/.cn.voa.mobi/127.0.0.1#5353
-ipset=/.cn.voa.mobi/gfwlist
-server=/.cn2.streetvoice.com/127.0.0.1#5353
-ipset=/.cn2.streetvoice.com/gfwlist
-server=/.cn6.eu/127.0.0.1#5353
-ipset=/.cn6.eu/gfwlist
-server=/.cnabc.com/127.0.0.1#5353
-ipset=/.cnabc.com/gfwlist
-server=/.cnd.org/127.0.0.1#5353
-ipset=/.cnd.org/gfwlist
-server=/.cnn.com/127.0.0.1#5353
-ipset=/.cnn.com/gfwlist
-server=/.cnpolitics.org/127.0.0.1#5353
-ipset=/.cnpolitics.org/gfwlist
-server=/.cochina.co/127.0.0.1#5353
-ipset=/.cochina.co/gfwlist
-server=/.cochina.org/127.0.0.1#5353
-ipset=/.cochina.org/gfwlist
-server=/.code1984.com/127.0.0.1#5353
-ipset=/.code1984.com/gfwlist
-server=/.codeshare.io/127.0.0.1#5353
-ipset=/.codeshare.io/gfwlist
-server=/.codeskulptor.org/127.0.0.1#5353
-ipset=/.codeskulptor.org/gfwlist
-server=/.collateralmurder.com/127.0.0.1#5353
-ipset=/.collateralmurder.com/gfwlist
-server=/.collateralmurder.org/127.0.0.1#5353
-ipset=/.collateralmurder.org/gfwlist
-server=/.comefromchina.com/127.0.0.1#5353
-ipset=/.comefromchina.com/gfwlist
-server=/.commentshk.com/127.0.0.1#5353
-ipset=/.commentshk.com/gfwlist
-server=/.communistcrimes.org/127.0.0.1#5353
-ipset=/.communistcrimes.org/gfwlist
-server=/.communitychoicecu.com/127.0.0.1#5353
-ipset=/.communitychoicecu.com/gfwlist
-server=/.compileheart.com/127.0.0.1#5353
-ipset=/.compileheart.com/gfwlist
-server=/.connect.facebook.net/127.0.0.1#5353
-ipset=/.connect.facebook.net/gfwlist
-server=/.conoyo.com/127.0.0.1#5353
-ipset=/.conoyo.com/gfwlist
-server=/.contactmagazine.net/127.0.0.1#5353
-ipset=/.contactmagazine.net/gfwlist
-server=/.contests.twilio.com/127.0.0.1#5353
-ipset=/.contests.twilio.com/gfwlist
-server=/.convio.net/127.0.0.1#5353
-ipset=/.convio.net/gfwlist
-server=/.coobay.com/127.0.0.1#5353
-ipset=/.coobay.com/gfwlist
-server=/.coolaler.com/127.0.0.1#5353
-ipset=/.coolaler.com/gfwlist
-server=/.coolder.com/127.0.0.1#5353
-ipset=/.coolder.com/gfwlist
-server=/.corumcollege.com/127.0.0.1#5353
-ipset=/.corumcollege.com/gfwlist
-server=/.cotweet.com/127.0.0.1#5353
-ipset=/.cotweet.com/gfwlist
-server=/.couchdbwiki.com/127.0.0.1#5353
-ipset=/.couchdbwiki.com/gfwlist
-server=/.coveringweb.com/127.0.0.1#5353
-ipset=/.coveringweb.com/gfwlist
-server=/.cpj.org/127.0.0.1#5353
-ipset=/.cpj.org/gfwlist
-server=/.crackle.com/127.0.0.1#5353
-ipset=/.crackle.com/gfwlist
-server=/.crchina.org/127.0.0.1#5353
-ipset=/.crchina.org/gfwlist
-server=/.crd-net.org/127.0.0.1#5353
-ipset=/.crd-net.org/gfwlist
-server=/.creaders.net/127.0.0.1#5353
-ipset=/.creaders.net/gfwlist
-server=/.crossthewall.net/127.0.0.1#5353
-ipset=/.crossthewall.net/gfwlist
-server=/.csdparty.com/127.0.0.1#5353
-ipset=/.csdparty.com/gfwlist
-server=/.c-spanvideo.org/127.0.0.1#5353
-ipset=/.c-spanvideo.org/gfwlist
-server=/.css.pixnet.in/127.0.0.1#5353
-ipset=/.css.pixnet.in/gfwlist
-server=/.csuchen.de/127.0.0.1#5353
-ipset=/.csuchen.de/gfwlist
-server=/.ctao.org/127.0.0.1#5353
-ipset=/.ctao.org/gfwlist
-server=/.ctfriend.net/127.0.0.1#5353
-ipset=/.ctfriend.net/gfwlist
-server=/.cuhkacs.org/127.0.0.1#5353
-ipset=/.cuhkacs.org/gfwlist
-server=/.cuihua.org/127.0.0.1#5353
-ipset=/.cuihua.org/gfwlist
-server=/.cuiweiping.net/127.0.0.1#5353
-ipset=/.cuiweiping.net/gfwlist
-server=/.cumlouder.com/127.0.0.1#5353
-ipset=/.cumlouder.com/gfwlist
-server=/.curvefish.com/127.0.0.1#5353
-ipset=/.curvefish.com/gfwlist
-server=/.cusu.hk/127.0.0.1#5353
-ipset=/.cusu.hk/gfwlist
-server=/.cweb-pix.com/127.0.0.1#5353
-ipset=/.cweb-pix.com/gfwlist
-server=/.cyberghost.natado.com/127.0.0.1#5353
-ipset=/.cyberghost.natado.com/gfwlist
-server=/.cyberghostvpn.com/127.0.0.1#5353
-ipset=/.cyberghostvpn.com/gfwlist
-server=/.cynscribe.com/127.0.0.1#5353
-ipset=/.cynscribe.com/gfwlist
-server=/.cytode.us/127.0.0.1#5353
-ipset=/.cytode.us/gfwlist
-server=/.d100.net/127.0.0.1#5353
-ipset=/.d100.net/gfwlist
-server=/.d2bay.com/127.0.0.1#5353
-ipset=/.d2bay.com/gfwlist
-server=/.dabr.co.uk/127.0.0.1#5353
-ipset=/.dabr.co.uk/gfwlist
-server=/.dabr.eu/127.0.0.1#5353
-ipset=/.dabr.eu/gfwlist
-server=/.dabr.me/127.0.0.1#5353
-ipset=/.dabr.me/gfwlist
-server=/.dabr.mobi/127.0.0.1#5353
-ipset=/.dabr.mobi/gfwlist
-server=/.dadazim.com/127.0.0.1#5353
-ipset=/.dadazim.com/gfwlist
-server=/.dadi360.com/127.0.0.1#5353
-ipset=/.dadi360.com/gfwlist
-server=/.dafagood.com/127.0.0.1#5353
-ipset=/.dafagood.com/gfwlist
-server=/.dafahao.com/127.0.0.1#5353
-ipset=/.dafahao.com/gfwlist
-server=/.daftpunk.com/127.0.0.1#5353
-ipset=/.daftpunk.com/gfwlist
-server=/.dailidaili.com/127.0.0.1#5353
-ipset=/.dailidaili.com/gfwlist
-server=/.dailymotion.com/127.0.0.1#5353
-ipset=/.dailymotion.com/gfwlist
-server=/.dailynews.sina.com/127.0.0.1#5353
-ipset=/.dailynews.sina.com/gfwlist
-server=/.daiphapinfo.net/127.0.0.1#5353
-ipset=/.daiphapinfo.net/gfwlist
-server=/.dajiyuan.com/127.0.0.1#5353
-ipset=/.dajiyuan.com/gfwlist
-server=/.dajiyuan.de/127.0.0.1#5353
-ipset=/.dajiyuan.de/gfwlist
-server=/.dajiyuan.eu/127.0.0.1#5353
-ipset=/.dajiyuan.eu/gfwlist
-server=/.dajusha.baywords.com/127.0.0.1#5353
-ipset=/.dajusha.baywords.com/gfwlist
-server=/.dalailama.com/127.0.0.1#5353
-ipset=/.dalailama.com/gfwlist
-server=/.dalailama.ru/127.0.0.1#5353
-ipset=/.dalailama.ru/gfwlist
-server=/.dalailama80.org/127.0.0.1#5353
-ipset=/.dalailama80.org/gfwlist
-server=/.dalailamaprotesters.info/127.0.0.1#5353
-ipset=/.dalailamaprotesters.info/gfwlist
-server=/.dalailamavisit.org.nz/127.0.0.1#5353
-ipset=/.dalailamavisit.org.nz/gfwlist
-server=/.dalailamaworld.com/127.0.0.1#5353
-ipset=/.dalailamaworld.com/gfwlist
-server=/.dalianmeng.org/127.0.0.1#5353
-ipset=/.dalianmeng.org/gfwlist
-server=/.daliulian.org/127.0.0.1#5353
-ipset=/.daliulian.org/gfwlist
-server=/.danke4china.net/127.0.0.1#5353
-ipset=/.danke4china.net/gfwlist
-server=/.danwei.org/127.0.0.1#5353
-ipset=/.danwei.org/gfwlist
-server=/.daodu14.jigsy.com/127.0.0.1#5353
-ipset=/.daodu14.jigsy.com/gfwlist
-server=/.daolan.net/127.0.0.1#5353
-ipset=/.daolan.net/gfwlist
-server=/.darktoy.net/127.0.0.1#5353
-ipset=/.darktoy.net/gfwlist
-server=/.darpa.mil/127.0.0.1#5353
-ipset=/.darpa.mil/gfwlist
-server=/.data-vocabulary.org/127.0.0.1#5353
-ipset=/.data-vocabulary.org/gfwlist
-server=/.date.fm/127.0.0.1#5353
-ipset=/.date.fm/gfwlist
-server=/.david-kilgour.com/127.0.0.1#5353
-ipset=/.david-kilgour.com/gfwlist
-server=/.daxa.cn/127.0.0.1#5353
-ipset=/.daxa.cn/gfwlist
-server=/.daylife.com/127.0.0.1#5353
-ipset=/.daylife.com/gfwlist
-server=/.dbc.hk/127.0.0.1#5353
-ipset=/.dbc.hk/gfwlist
-server=/.deck.ly/127.0.0.1#5353
-ipset=/.deck.ly/gfwlist
-server=/.default.secureserver.net/127.0.0.1#5353
-ipset=/.default.secureserver.net/gfwlist
-server=/.deja.com/127.0.0.1#5353
-ipset=/.deja.com/gfwlist
-server=/.delcamp.net/127.0.0.1#5353
-ipset=/.delcamp.net/gfwlist
-server=/.delicious.com/127.0.0.1#5353
-ipset=/.delicious.com/gfwlist
-server=/.demo.opera-mini.net/127.0.0.1#5353
-ipset=/.demo.opera-mini.net/gfwlist
-server=/.democrats.org/127.0.0.1#5353
-ipset=/.democrats.org/gfwlist
-server=/.derekhsu.homeip.net/127.0.0.1#5353
-ipset=/.derekhsu.homeip.net/gfwlist
-server=/.desc.se/127.0.0.1#5353
-ipset=/.desc.se/gfwlist
-server=/.de-sci.org/127.0.0.1#5353
-ipset=/.de-sci.org/gfwlist
-server=/.designerol.com/127.0.0.1#5353
-ipset=/.designerol.com/gfwlist
-server=/.desipro.de/127.0.0.1#5353
-ipset=/.desipro.de/gfwlist
-server=/.destiny.xfiles.to/127.0.0.1#5353
-ipset=/.destiny.xfiles.to/gfwlist
-server=/.destroy-china.jp/127.0.0.1#5353
-ipset=/.destroy-china.jp/gfwlist
-server=/.deutsche-welle.de/127.0.0.1#5353
-ipset=/.deutsche-welle.de/gfwlist
-server=/.developers.box.net/127.0.0.1#5353
-ipset=/.developers.box.net/gfwlist
-server=/.devio.us/127.0.0.1#5353
-ipset=/.devio.us/gfwlist
-server=/.devpn.com/127.0.0.1#5353
-ipset=/.devpn.com/gfwlist
-server=/.dfas.mil/127.0.0.1#5353
-ipset=/.dfas.mil/gfwlist
-server=/.dfn.org/127.0.0.1#5353
-ipset=/.dfn.org/gfwlist
-server=/.dharamsalanet.com/127.0.0.1#5353
-ipset=/.dharamsalanet.com/gfwlist
-server=/.diaoyuislands.org/127.0.0.1#5353
-ipset=/.diaoyuislands.org/gfwlist
-server=/.digitalnomadsproject.org/127.0.0.1#5353
-ipset=/.digitalnomadsproject.org/gfwlist
-server=/.diigo.com/127.0.0.1#5353
-ipset=/.diigo.com/gfwlist
-server=/.dimitrik.free.fr/127.0.0.1#5353
-ipset=/.dimitrik.free.fr/gfwlist
-server=/.dipity.com/127.0.0.1#5353
-ipset=/.dipity.com/gfwlist
-server=/.directcreative.com/127.0.0.1#5353
-ipset=/.directcreative.com/gfwlist
-server=/.discogs.com/127.0.0.1#5353
-ipset=/.discogs.com/gfwlist
-server=/.discuss.com.hk/127.0.0.1#5353
-ipset=/.discuss.com.hk/gfwlist
-server=/.disp.cc/127.0.0.1#5353
-ipset=/.disp.cc/gfwlist
-server=/.dit-inc.us/127.0.0.1#5353
-ipset=/.dit-inc.us/gfwlist
-server=/.dizhidizhi.com/127.0.0.1#5353
-ipset=/.dizhidizhi.com/gfwlist
-server=/.dizhuzhishang.com/127.0.0.1#5353
-ipset=/.dizhuzhishang.com/gfwlist
-server=/.djangosnippets.org/127.0.0.1#5353
-ipset=/.djangosnippets.org/gfwlist
-server=/.djorz.com/127.0.0.1#5353
-ipset=/.djorz.com/gfwlist
-server=/.dl.box.net/127.0.0.1#5353
-ipset=/.dl.box.net/gfwlist
-server=/.dl-laby.jp/127.0.0.1#5353
-ipset=/.dl-laby.jp/gfwlist
-server=/.dlsite.com/127.0.0.1#5353
-ipset=/.dlsite.com/gfwlist
-server=/.dmcdn.net/127.0.0.1#5353
-ipset=/.dmcdn.net/gfwlist
-server=/.dmm.co.jp/127.0.0.1#5353
-ipset=/.dmm.co.jp/gfwlist
-server=/.dns.v2ex.com/127.0.0.1#5353
-ipset=/.dns.v2ex.com/gfwlist
-server=/.dns2go.com/127.0.0.1#5353
-ipset=/.dns2go.com/gfwlist
-server=/.dnscrypt.org/127.0.0.1#5353
-ipset=/.dnscrypt.org/gfwlist
-server=/.dnssec.net/127.0.0.1#5353
-ipset=/.dnssec.net/gfwlist
-server=/.doctorvoice.org/127.0.0.1#5353
-ipset=/.doctorvoice.org/gfwlist
-server=/.dogfartnetwork.com/127.0.0.1#5353
-ipset=/.dogfartnetwork.com/gfwlist
-server=/.dojin.com/127.0.0.1#5353
-ipset=/.dojin.com/gfwlist
-server=/.dok-forum.net/127.0.0.1#5353
-ipset=/.dok-forum.net/gfwlist
-server=/.dolc.de/127.0.0.1#5353
-ipset=/.dolc.de/gfwlist
-server=/.dolf.org.hk/127.0.0.1#5353
-ipset=/.dolf.org.hk/gfwlist
-server=/.dollf.com/127.0.0.1#5353
-ipset=/.dollf.com/gfwlist
-server=/.domainhelp.search.com/127.0.0.1#5353
-ipset=/.domainhelp.search.com/gfwlist
-server=/.dongtaiwang.com/127.0.0.1#5353
-ipset=/.dongtaiwang.com/gfwlist
-server=/.dongtaiwang.net/127.0.0.1#5353
-ipset=/.dongtaiwang.net/gfwlist
-server=/.dongyangjing.com/127.0.0.1#5353
-ipset=/.dongyangjing.com/gfwlist
-server=/.dontfilter.us/127.0.0.1#5353
-ipset=/.dontfilter.us/gfwlist
-server=/.dontmovetochina.com/127.0.0.1#5353
-ipset=/.dontmovetochina.com/gfwlist
-server=/.dotplane.com/127.0.0.1#5353
-ipset=/.dotplane.com/gfwlist
-server=/.dotsub.com/127.0.0.1#5353
-ipset=/.dotsub.com/gfwlist
-server=/.dougscripts.com/127.0.0.1#5353
-ipset=/.dougscripts.com/gfwlist
-server=/.dowei.org/127.0.0.1#5353
-ipset=/.dowei.org/gfwlist
-server=/.download.aircrack-ng.org/127.0.0.1#5353
-ipset=/.download.aircrack-ng.org/gfwlist
-server=/.doxygen.org/127.0.0.1#5353
-ipset=/.doxygen.org/gfwlist
-server=/.dphk.org/127.0.0.1#5353
-ipset=/.dphk.org/gfwlist
-server=/.dreammask.org/127.0.0.1#5353
-ipset=/.dreammask.org/gfwlist
-server=/.drepung.org/127.0.0.1#5353
-ipset=/.drepung.org/gfwlist
-server=/.drgan.net/127.0.0.1#5353
-ipset=/.drgan.net/gfwlist
-server=/.drmingxia.org/127.0.0.1#5353
-ipset=/.drmingxia.org/gfwlist
-server=/.dropbox.com/127.0.0.1#5353
-ipset=/.dropbox.com/gfwlist
-server=/.dropboxusercontent.com/127.0.0.1#5353
-ipset=/.dropboxusercontent.com/gfwlist
-server=/.drsunacademy.com/127.0.0.1#5353
-ipset=/.drsunacademy.com/gfwlist
-server=/.drtuber.com/127.0.0.1#5353
-ipset=/.drtuber.com/gfwlist
-server=/.dscn.info/127.0.0.1#5353
-ipset=/.dscn.info/gfwlist
-server=/.dtiblog.com/127.0.0.1#5353
-ipset=/.dtiblog.com/gfwlist
-server=/.dtic.mil/127.0.0.1#5353
-ipset=/.dtic.mil/gfwlist
-server=/.dtiserv2.com/127.0.0.1#5353
-ipset=/.dtiserv2.com/gfwlist
-server=/.duckdns.org/127.0.0.1#5353
-ipset=/.duckdns.org/gfwlist
-server=/.duckduckgo.com/127.0.0.1#5353
-ipset=/.duckduckgo.com/gfwlist
-server=/.duckload.com/127.0.0.1#5353
-ipset=/.duckload.com/gfwlist
-server=/.duckmylife.com/127.0.0.1#5353
-ipset=/.duckmylife.com/gfwlist
-server=/.duihua.org/127.0.0.1#5353
-ipset=/.duihua.org/gfwlist
-server=/.duihuahrjournal.org/127.0.0.1#5353
-ipset=/.duihuahrjournal.org/gfwlist
-server=/.duoweitimes.com/127.0.0.1#5353
-ipset=/.duoweitimes.com/gfwlist
-server=/.duping.net/127.0.0.1#5353
-ipset=/.duping.net/gfwlist
-server=/.duplicati.com/127.0.0.1#5353
-ipset=/.duplicati.com/gfwlist
-server=/.dupola.com/127.0.0.1#5353
-ipset=/.dupola.com/gfwlist
-server=/.dupola.net/127.0.0.1#5353
-ipset=/.dupola.net/gfwlist
-server=/.dushi.ca/127.0.0.1#5353
-ipset=/.dushi.ca/gfwlist
-server=/.dvorak.org/127.0.0.1#5353
-ipset=/.dvorak.org/gfwlist
-server=/.dw.com/127.0.0.1#5353
-ipset=/.dw.com/gfwlist
-server=/.dw.de/127.0.0.1#5353
-ipset=/.dw.de/gfwlist
-server=/.dwnews.com/127.0.0.1#5353
-ipset=/.dwnews.com/gfwlist
-server=/.dwnews.net/127.0.0.1#5353
-ipset=/.dwnews.net/gfwlist
-server=/.dw-world.com/127.0.0.1#5353
-ipset=/.dw-world.com/gfwlist
-server=/.dw-world.de/127.0.0.1#5353
-ipset=/.dw-world.de/gfwlist
-server=/.dynawebinc.com/127.0.0.1#5353
-ipset=/.dynawebinc.com/gfwlist
-server=/.dyndns.org/127.0.0.1#5353
-ipset=/.dyndns.org/gfwlist
-server=/.dzze.com/127.0.0.1#5353
-ipset=/.dzze.com/gfwlist
-server=/.e123.hk/127.0.0.1#5353
-ipset=/.e123.hk/gfwlist
-server=/.earthcam.com/127.0.0.1#5353
-ipset=/.earthcam.com/gfwlist
-server=/.eastern-ark.com/127.0.0.1#5353
-ipset=/.eastern-ark.com/gfwlist
-server=/.easternlightning.org/127.0.0.1#5353
-ipset=/.easternlightning.org/gfwlist
-server=/.eastturkestan.com/127.0.0.1#5353
-ipset=/.eastturkestan.com/gfwlist
-server=/.eastturkistan-gov.org/127.0.0.1#5353
-ipset=/.eastturkistan-gov.org/gfwlist
-server=/.eastturkistangovernmentinexile.us/127.0.0.1#5353
-ipset=/.eastturkistangovernmentinexile.us/gfwlist
-server=/.ebookbrowse.com/127.0.0.1#5353
-ipset=/.ebookbrowse.com/gfwlist
-server=/.ebookee.com/127.0.0.1#5353
-ipset=/.ebookee.com/gfwlist
-server=/.echofon.com/127.0.0.1#5353
-ipset=/.echofon.com/gfwlist
-server=/.ecministry.net/127.0.0.1#5353
-ipset=/.ecministry.net/gfwlist
-server=/.ecsm.vs.com/127.0.0.1#5353
-ipset=/.ecsm.vs.com/gfwlist
-server=/.edgecastcdn.net/127.0.0.1#5353
-ipset=/.edgecastcdn.net/gfwlist
-server=/.edicypages.com/127.0.0.1#5353
-ipset=/.edicypages.com/gfwlist
-server=/.edmontonchina.cn/127.0.0.1#5353
-ipset=/.edmontonchina.cn/gfwlist
-server=/.edoors.com/127.0.0.1#5353
-ipset=/.edoors.com/gfwlist
-server=/.edubridge.com/127.0.0.1#5353
-ipset=/.edubridge.com/gfwlist
-server=/.edupro.org/127.0.0.1#5353
-ipset=/.edupro.org/gfwlist
-server=/.eeas.europa.eu/127.0.0.1#5353
-ipset=/.eeas.europa.eu/gfwlist
-server=/.eevpn.com/127.0.0.1#5353
-ipset=/.eevpn.com/gfwlist
-server=/.efcc.org.hk/127.0.0.1#5353
-ipset=/.efcc.org.hk/gfwlist
-server=/.effers.com/127.0.0.1#5353
-ipset=/.effers.com/gfwlist
-server=/.efksoft.com/127.0.0.1#5353
-ipset=/.efksoft.com/gfwlist
-server=/.efmoe.com/127.0.0.1#5353
-ipset=/.efmoe.com/gfwlist
-server=/.e-gold.com/127.0.0.1#5353
-ipset=/.e-gold.com/gfwlist
-server=/.eic-av.com/127.0.0.1#5353
-ipset=/.eic-av.com/gfwlist
-server=/.eisbb.com/127.0.0.1#5353
-ipset=/.eisbb.com/gfwlist
-server=/.eksisozluk.com/127.0.0.1#5353
-ipset=/.eksisozluk.com/gfwlist
-server=/.electionsmeter.com/127.0.0.1#5353
-ipset=/.electionsmeter.com/gfwlist
-server=/.elephantvpn.com/127.0.0.1#5353
-ipset=/.elephantvpn.com/gfwlist
-server=/.elgoog.im/127.0.0.1#5353
-ipset=/.elgoog.im/gfwlist
-server=/.elpais.com/127.0.0.1#5353
-ipset=/.elpais.com/gfwlist
-server=/.eltondisney.com/127.0.0.1#5353
-ipset=/.eltondisney.com/gfwlist
-server=/.emacsblog.org/127.0.0.1#5353
-ipset=/.emacsblog.org/gfwlist
-server=/.embr.in/127.0.0.1#5353
-ipset=/.embr.in/gfwlist
-server=/.emilylau.org.hk/127.0.0.1#5353
-ipset=/.emilylau.org.hk/gfwlist
-server=/.empfil.com/127.0.0.1#5353
-ipset=/.empfil.com/gfwlist
-server=/.emule-ed2k.com/127.0.0.1#5353
-ipset=/.emule-ed2k.com/gfwlist
-server=/.emuparadise.me/127.0.0.1#5353
-ipset=/.emuparadise.me/gfwlist
-server=/.en.favotter.net/127.0.0.1#5353
-ipset=/.en.favotter.net/gfwlist
-server=/.en.hao123.com/127.0.0.1#5353
-ipset=/.en.hao123.com/gfwlist
-server=/.enewstree.com/127.0.0.1#5353
-ipset=/.enewstree.com/gfwlist
-server=/.englishfromengland.co.uk/127.0.0.1#5353
-ipset=/.englishfromengland.co.uk/gfwlist
-server=/.entermap.com/127.0.0.1#5353
-ipset=/.entermap.com/gfwlist
-server=/.episcopalchurch.org/127.0.0.1#5353
-ipset=/.episcopalchurch.org/gfwlist
-server=/.epochtimes.co.il/127.0.0.1#5353
-ipset=/.epochtimes.co.il/gfwlist
-server=/.epochtimes.co.kr/127.0.0.1#5353
-ipset=/.epochtimes.co.kr/gfwlist
-server=/.epochtimes.com/127.0.0.1#5353
-ipset=/.epochtimes.com/gfwlist
-server=/.epochtimes.cz/127.0.0.1#5353
-ipset=/.epochtimes.cz/gfwlist
-server=/.epochtimes.de/127.0.0.1#5353
-ipset=/.epochtimes.de/gfwlist
-server=/.epochtimes.fr/127.0.0.1#5353
-ipset=/.epochtimes.fr/gfwlist
-server=/.epochtimes.ie/127.0.0.1#5353
-ipset=/.epochtimes.ie/gfwlist
-server=/.epochtimes.it/127.0.0.1#5353
-ipset=/.epochtimes.it/gfwlist
-server=/.epochtimes.jp/127.0.0.1#5353
-ipset=/.epochtimes.jp/gfwlist
-server=/.epochtimes.ru/127.0.0.1#5353
-ipset=/.epochtimes.ru/gfwlist
-server=/.epochtimes.se/127.0.0.1#5353
-ipset=/.epochtimes.se/gfwlist
-server=/.epochtimes-bg.com/127.0.0.1#5353
-ipset=/.epochtimes-bg.com/gfwlist
-server=/.epochtimes-romania.com/127.0.0.1#5353
-ipset=/.epochtimes-romania.com/gfwlist
-server=/.epochtimestr.com/127.0.0.1#5353
-ipset=/.epochtimestr.com/gfwlist
-server=/.epochweek.com/127.0.0.1#5353
-ipset=/.epochweek.com/gfwlist
-server=/.epochweekly.com/127.0.0.1#5353
-ipset=/.epochweekly.com/gfwlist
-server=/.erabaru.net/127.0.0.1#5353
-ipset=/.erabaru.net/gfwlist
-server=/.erepublik.com/127.0.0.1#5353
-ipset=/.erepublik.com/gfwlist
-server=/.erights.net/127.0.0.1#5353
-ipset=/.erights.net/gfwlist
-server=/.eriversoft.com/127.0.0.1#5353
-ipset=/.eriversoft.com/gfwlist
-server=/.erktv.com/127.0.0.1#5353
-ipset=/.erktv.com/gfwlist
-server=/.ernestmandel.org/127.0.0.1#5353
-ipset=/.ernestmandel.org/gfwlist
-server=/.erodoujinworld.com/127.0.0.1#5353
-ipset=/.erodoujinworld.com/gfwlist
-server=/.eslite.com/127.0.0.1#5353
-ipset=/.eslite.com/gfwlist
-server=/.etaa.org.au/127.0.0.1#5353
-ipset=/.etaa.org.au/gfwlist
-server=/.etaiwannews.com/127.0.0.1#5353
-ipset=/.etaiwannews.com/gfwlist
-server=/.etizer.org/127.0.0.1#5353
-ipset=/.etizer.org/gfwlist
-server=/.etools.ncol.com/127.0.0.1#5353
-ipset=/.etools.ncol.com/gfwlist
-server=/.e-traderland.net/127.0.0.1#5353
-ipset=/.e-traderland.net/gfwlist
-server=/.ettoday.net/127.0.0.1#5353
-ipset=/.ettoday.net/gfwlist
-server=/.etvonline.hk/127.0.0.1#5353
-ipset=/.etvonline.hk/gfwlist
-server=/.eu.org/127.0.0.1#5353
-ipset=/.eu.org/gfwlist
-server=/.eulam.com/127.0.0.1#5353
-ipset=/.eulam.com/gfwlist
-server=/.evchk.wikia.com/127.0.0.1#5353
-ipset=/.evchk.wikia.com/gfwlist
-server=/.eventful.com/127.0.0.1#5353
-ipset=/.eventful.com/gfwlist
-server=/.exblog.jp/127.0.0.1#5353
-ipset=/.exblog.jp/gfwlist
-server=/.exchristian.hk/127.0.0.1#5353
-ipset=/.exchristian.hk/gfwlist
-server=/.exmormon.org/127.0.0.1#5353
-ipset=/.exmormon.org/gfwlist
-server=/.expatshield.com/127.0.0.1#5353
-ipset=/.expatshield.com/gfwlist
-server=/.exploader.net/127.0.0.1#5353
-ipset=/.exploader.net/gfwlist
-server=/.expressvpn.com/127.0.0.1#5353
-ipset=/.expressvpn.com/gfwlist
-server=/.extremetube.com/127.0.0.1#5353
-ipset=/.extremetube.com/gfwlist
-server=/.eyevio.jp/127.0.0.1#5353
-ipset=/.eyevio.jp/gfwlist
-server=/.eyny.com/127.0.0.1#5353
-ipset=/.eyny.com/gfwlist
-server=/.e-zone.com.hk/127.0.0.1#5353
-ipset=/.e-zone.com.hk/gfwlist
-server=/.ezpc.tk/127.0.0.1#5353
-ipset=/.ezpc.tk/gfwlist
-server=/.ezpeer.com/127.0.0.1#5353
-ipset=/.ezpeer.com/gfwlist
-server=/.facebook.com/127.0.0.1#5353
-ipset=/.facebook.com/gfwlist
-server=/.facebook.hu/127.0.0.1#5353
-ipset=/.facebook.hu/gfwlist
-server=/.facebook.nl/127.0.0.1#5353
-ipset=/.facebook.nl/gfwlist
-server=/.facebookquotes4u.com/127.0.0.1#5353
-ipset=/.facebookquotes4u.com/gfwlist
-server=/.faceless.me/127.0.0.1#5353
-ipset=/.faceless.me/gfwlist
-server=/.facesofnyfw.com/127.0.0.1#5353
-ipset=/.facesofnyfw.com/gfwlist
-server=/.facesoftibetanselfimmolators.info/127.0.0.1#5353
-ipset=/.facesoftibetanselfimmolators.info/gfwlist
-server=/.fail.hk/127.0.0.1#5353
-ipset=/.fail.hk/gfwlist
-server=/.faithfuleye.com/127.0.0.1#5353
-ipset=/.faithfuleye.com/gfwlist
-server=/.faiththedog.info/127.0.0.1#5353
-ipset=/.faiththedog.info/gfwlist
-server=/.fakku.net/127.0.0.1#5353
-ipset=/.fakku.net/gfwlist
-server=/.falsefire.com/127.0.0.1#5353
-ipset=/.falsefire.com/gfwlist
-server=/.falun.caltech.edu/127.0.0.1#5353
-ipset=/.falun.caltech.edu/gfwlist
-server=/.falunart.org/127.0.0.1#5353
-ipset=/.falunart.org/gfwlist
-server=/.falunasia.info/127.0.0.1#5353
-ipset=/.falunasia.info/gfwlist
-server=/.falun-co.org/127.0.0.1#5353
-ipset=/.falun-co.org/gfwlist
-server=/.falundafa.org/127.0.0.1#5353
-ipset=/.falundafa.org/gfwlist
-server=/.falundafa-dc.org/127.0.0.1#5353
-ipset=/.falundafa-dc.org/gfwlist
-server=/.falundafa-florida.org/127.0.0.1#5353
-ipset=/.falundafa-florida.org/gfwlist
-server=/.falundafaindia.org/127.0.0.1#5353
-ipset=/.falundafaindia.org/gfwlist
-server=/.falundafamuseum.org/127.0.0.1#5353
-ipset=/.falundafamuseum.org/gfwlist
-server=/.falundafa-nc.org/127.0.0.1#5353
-ipset=/.falundafa-nc.org/gfwlist
-server=/.falundafa-pa.net/127.0.0.1#5353
-ipset=/.falundafa-pa.net/gfwlist
-server=/.falungong.de/127.0.0.1#5353
-ipset=/.falungong.de/gfwlist
-server=/.falungong.org.uk/127.0.0.1#5353
-ipset=/.falungong.org.uk/gfwlist
-server=/.falunhr.org/127.0.0.1#5353
-ipset=/.falunhr.org/gfwlist
-server=/.faluninfo.de/127.0.0.1#5353
-ipset=/.faluninfo.de/gfwlist
-server=/.faluninfo.net/127.0.0.1#5353
-ipset=/.faluninfo.net/gfwlist
-server=/.falun-ny.net/127.0.0.1#5353
-ipset=/.falun-ny.net/gfwlist
-server=/.falunpilipinas.net/127.0.0.1#5353
-ipset=/.falunpilipinas.net/gfwlist
-server=/.falunworld.net/127.0.0.1#5353
-ipset=/.falunworld.net/gfwlist
-server=/.familyfed.org/127.0.0.1#5353
-ipset=/.familyfed.org/gfwlist
-server=/.famunion.com/127.0.0.1#5353
-ipset=/.famunion.com/gfwlist
-server=/.fangbinxing.com/127.0.0.1#5353
-ipset=/.fangbinxing.com/gfwlist
-server=/.fangeming.com/127.0.0.1#5353
-ipset=/.fangeming.com/gfwlist
-server=/.fang-lizhi.hxwk.org/127.0.0.1#5353
-ipset=/.fang-lizhi.hxwk.org/gfwlist
-server=/.fanglizhi.info/127.0.0.1#5353
-ipset=/.fanglizhi.info/gfwlist
-server=/.fangmincn.org/127.0.0.1#5353
-ipset=/.fangmincn.org/gfwlist
-server=/.fangong.org/127.0.0.1#5353
-ipset=/.fangong.org/gfwlist
-server=/.fangongheike.com/127.0.0.1#5353
-ipset=/.fangongheike.com/gfwlist
-server=/.fan-qiang.com/127.0.0.1#5353
-ipset=/.fan-qiang.com/gfwlist
-server=/.fanqianghou.com/127.0.0.1#5353
-ipset=/.fanqianghou.com/gfwlist
-server=/.fanqiangyakexi.net/127.0.0.1#5353
-ipset=/.fanqiangyakexi.net/gfwlist
-server=/.fanswong.com/127.0.0.1#5353
-ipset=/.fanswong.com/gfwlist
-server=/.fanyue.info/127.0.0.1#5353
-ipset=/.fanyue.info/gfwlist
-server=/.fapdu.com/127.0.0.1#5353
-ipset=/.fapdu.com/gfwlist
-server=/.faproxy.com/127.0.0.1#5353
-ipset=/.faproxy.com/gfwlist
-server=/.farwestchina.com/127.0.0.1#5353
-ipset=/.farwestchina.com/gfwlist
-server=/.fastpic.ru/127.0.0.1#5353
-ipset=/.fastpic.ru/gfwlist
-server=/.faststone.org/127.0.0.1#5353
-ipset=/.faststone.org/gfwlist
-server=/.favstar.fm/127.0.0.1#5353
-ipset=/.favstar.fm/gfwlist
-server=/.fawanghuihui.org/127.0.0.1#5353
-ipset=/.fawanghuihui.org/gfwlist
-server=/.faydao.com/127.0.0.1#5353
-ipset=/.faydao.com/gfwlist
-server=/.fb.com/127.0.0.1#5353
-ipset=/.fb.com/gfwlist
-server=/.fb.me/127.0.0.1#5353
-ipset=/.fb.me/gfwlist
-server=/.fbcdn.net/127.0.0.1#5353
-ipset=/.fbcdn.net/gfwlist
-server=/.fbsbx.com/127.0.0.1#5353
-ipset=/.fbsbx.com/gfwlist
-server=/.fc2.com/127.0.0.1#5353
-ipset=/.fc2.com/gfwlist
-server=/.fc2blog.net/127.0.0.1#5353
-ipset=/.fc2blog.net/gfwlist
-server=/.fc2china.com/127.0.0.1#5353
-ipset=/.fc2china.com/gfwlist
-server=/.fc2cn.com/127.0.0.1#5353
-ipset=/.fc2cn.com/gfwlist
-server=/.fdc89.jp/127.0.0.1#5353
-ipset=/.fdc89.jp/gfwlist
-server=/.feedburner.com/127.0.0.1#5353
-ipset=/.feedburner.com/gfwlist
-server=/.feeds.fileforum.com/127.0.0.1#5353
-ipset=/.feeds.fileforum.com/gfwlist
-server=/.feedzshare.com/127.0.0.1#5353
-ipset=/.feedzshare.com/gfwlist
-server=/.feelssh.com/127.0.0.1#5353
-ipset=/.feelssh.com/gfwlist
-server=/.feer.com/127.0.0.1#5353
-ipset=/.feer.com/gfwlist
-server=/.feitianacademy.org/127.0.0.1#5353
-ipset=/.feitianacademy.org/gfwlist
-server=/.feitian-california.org/127.0.0.1#5353
-ipset=/.feitian-california.org/gfwlist
-server=/.feministteacher.com/127.0.0.1#5353
-ipset=/.feministteacher.com/gfwlist
-server=/.fengzhenghu.com/127.0.0.1#5353
-ipset=/.fengzhenghu.com/gfwlist
-server=/.ff.im/127.0.0.1#5353
-ipset=/.ff.im/gfwlist
-server=/.fflick.com/127.0.0.1#5353
-ipset=/.fflick.com/gfwlist
-server=/.fgmtv.net/127.0.0.1#5353
-ipset=/.fgmtv.net/gfwlist
-server=/.fgmtv.org/127.0.0.1#5353
-ipset=/.fgmtv.org/gfwlist
-server=/.fhreports.net/127.0.0.1#5353
-ipset=/.fhreports.net/gfwlist
-server=/.files2me.com/127.0.0.1#5353
-ipset=/.files2me.com/gfwlist
-server=/.fileserve.com/127.0.0.1#5353
-ipset=/.fileserve.com/gfwlist
-server=/.fillthesquare.org/127.0.0.1#5353
-ipset=/.fillthesquare.org/gfwlist
-server=/.filmingfortibet.org/127.0.0.1#5353
-ipset=/.filmingfortibet.org/gfwlist
-server=/.finalion.jp/127.0.0.1#5353
-ipset=/.finalion.jp/gfwlist
-server=/.financetwitter.com/127.0.0.1#5353
-ipset=/.financetwitter.com/gfwlist
-server=/.fingerdaily.com/127.0.0.1#5353
-ipset=/.fingerdaily.com/gfwlist
-server=/.finler.net/127.0.0.1#5353
-ipset=/.finler.net/gfwlist
-server=/.fireofliberty.org/127.0.0.1#5353
-ipset=/.fireofliberty.org/gfwlist
-server=/.firstfivefollowers.com/127.0.0.1#5353
-ipset=/.firstfivefollowers.com/gfwlist
-server=/.flecheinthepeche.fr/127.0.0.1#5353
-ipset=/.flecheinthepeche.fr/gfwlist
-server=/.fleshbot.com/127.0.0.1#5353
-ipset=/.fleshbot.com/gfwlist
-server=/.flgg.us/127.0.0.1#5353
-ipset=/.flgg.us/gfwlist
-server=/.flickr.com/127.0.0.1#5353
-ipset=/.flickr.com/gfwlist
-server=/.flickrhivemind.net/127.0.0.1#5353
-ipset=/.flickrhivemind.net/gfwlist
-server=/.flightcaster.com/127.0.0.1#5353
-ipset=/.flightcaster.com/gfwlist
-server=/.flipboard.com/127.0.0.1#5353
-ipset=/.flipboard.com/gfwlist
-server=/.flitto.com/127.0.0.1#5353
-ipset=/.flitto.com/gfwlist
-server=/.focusvpn.com/127.0.0.1#5353
-ipset=/.focusvpn.com/gfwlist
-server=/.fofg.org/127.0.0.1#5353
-ipset=/.fofg.org/gfwlist
-server=/.fofldfradio.org/127.0.0.1#5353
-ipset=/.fofldfradio.org/gfwlist
-server=/.fooooo.com/127.0.0.1#5353
-ipset=/.fooooo.com/gfwlist
-server=/.footwiball.com/127.0.0.1#5353
-ipset=/.footwiball.com/gfwlist
-server=/.forum.baby-kingdom.com/127.0.0.1#5353
-ipset=/.forum.baby-kingdom.com/gfwlist
-server=/.forum.cyberctm.com/127.0.0.1#5353
-ipset=/.forum.cyberctm.com/gfwlist
-server=/.forum.idsam.com/127.0.0.1#5353
-ipset=/.forum.idsam.com/gfwlist
-server=/.forum.my903.com/127.0.0.1#5353
-ipset=/.forum.my903.com/gfwlist
-server=/.forum.mymaji.com/127.0.0.1#5353
-ipset=/.forum.mymaji.com/gfwlist
-server=/.forum.omy.sg/127.0.0.1#5353
-ipset=/.forum.omy.sg/gfwlist
-server=/.forum.palmislife.com/127.0.0.1#5353
-ipset=/.forum.palmislife.com/gfwlist
-server=/.forum.sina.com.hk/127.0.0.1#5353
-ipset=/.forum.sina.com.hk/gfwlist
-server=/.forum.tvb.com/127.0.0.1#5353
-ipset=/.forum.tvb.com/gfwlist
-server=/.forum.xinbao.de/127.0.0.1#5353
-ipset=/.forum.xinbao.de/gfwlist
-server=/.fotop.net/127.0.0.1#5353
-ipset=/.fotop.net/gfwlist
-server=/.fourface.nodesnoop.com/127.0.0.1#5353
-ipset=/.fourface.nodesnoop.com/gfwlist
-server=/.fourthinternational.org/127.0.0.1#5353
-ipset=/.fourthinternational.org/gfwlist
-server=/.foxdie.us/127.0.0.1#5353
-ipset=/.foxdie.us/gfwlist
-server=/.foxgay.com/127.0.0.1#5353
-ipset=/.foxgay.com/gfwlist
-server=/.foxsub.com/127.0.0.1#5353
-ipset=/.foxsub.com/gfwlist
-server=/.foxtang.com/127.0.0.1#5353
-ipset=/.foxtang.com/gfwlist
-server=/.fpmt.org/127.0.0.1#5353
-ipset=/.fpmt.org/gfwlist
-server=/.fpmtmexico.org/127.0.0.1#5353
-ipset=/.fpmtmexico.org/gfwlist
-server=/.fpmt-osel.org/127.0.0.1#5353
-ipset=/.fpmt-osel.org/gfwlist
-server=/.fqok.org/127.0.0.1#5353
-ipset=/.fqok.org/gfwlist
-server=/.fqrouter.com/127.0.0.1#5353
-ipset=/.fqrouter.com/gfwlist
-server=/.franklc.com/127.0.0.1#5353
-ipset=/.franklc.com/gfwlist
-server=/.freakshare.com/127.0.0.1#5353
-ipset=/.freakshare.com/gfwlist
-server=/.free.fr/127.0.0.1#5353
-ipset=/.free.fr/gfwlist
-server=/.free4u.com.ar/127.0.0.1#5353
-ipset=/.free4u.com.ar/gfwlist
-server=/.freealim.com/127.0.0.1#5353
-ipset=/.freealim.com/gfwlist
-server=/.freebrowser.org/127.0.0.1#5353
-ipset=/.freebrowser.org/gfwlist
-server=/.freechal.com/127.0.0.1#5353
-ipset=/.freechal.com/gfwlist
-server=/.freechina.net/127.0.0.1#5353
-ipset=/.freechina.net/gfwlist
-server=/.freedomchina.info/127.0.0.1#5353
-ipset=/.freedomchina.info/gfwlist
-server=/.freedomcollection.org/127.0.0.1#5353
-ipset=/.freedomcollection.org/gfwlist
-server=/.freedomhouse.org/127.0.0.1#5353
-ipset=/.freedomhouse.org/gfwlist
-server=/.freedomsherald.org/127.0.0.1#5353
-ipset=/.freedomsherald.org/gfwlist
-server=/.freeforums.org/127.0.0.1#5353
-ipset=/.freeforums.org/gfwlist
-server=/.freefuckvids.com/127.0.0.1#5353
-ipset=/.freefuckvids.com/gfwlist
-server=/.freegao.com/127.0.0.1#5353
-ipset=/.freegao.com/gfwlist
-server=/.free-gate.org/127.0.0.1#5353
-ipset=/.free-gate.org/gfwlist
-server=/.free-hada-now.org/127.0.0.1#5353
-ipset=/.free-hada-now.org/gfwlist
-server=/.freeilhamtohti.org/127.0.0.1#5353
-ipset=/.freeilhamtohti.org/gfwlist
-server=/.freeimage.us/127.0.0.1#5353
-ipset=/.freeimage.us/gfwlist
-server=/.freelotto.com/127.0.0.1#5353
-ipset=/.freelotto.com/gfwlist
-server=/.freeman2.com/127.0.0.1#5353
-ipset=/.freeman2.com/gfwlist
-server=/.freemoren.com/127.0.0.1#5353
-ipset=/.freemoren.com/gfwlist
-server=/.freemorenews.com/127.0.0.1#5353
-ipset=/.freemorenews.com/gfwlist
-server=/.freenet-china.org/127.0.0.1#5353
-ipset=/.freenet-china.org/gfwlist
-server=/.freenetproject.org/127.0.0.1#5353
-ipset=/.freenetproject.org/gfwlist
-server=/.freenewscn.com/127.0.0.1#5353
-ipset=/.freenewscn.com/gfwlist
-server=/.freeopenvpn.com/127.0.0.1#5353
-ipset=/.freeopenvpn.com/gfwlist
-server=/.freeoz.org/127.0.0.1#5353
-ipset=/.freeoz.org/gfwlist
-server=/.free-ssh.com/127.0.0.1#5353
-ipset=/.free-ssh.com/gfwlist
-server=/.freessh.us/127.0.0.1#5353
-ipset=/.freessh.us/gfwlist
-server=/.freetibet.net/127.0.0.1#5353
-ipset=/.freetibet.net/gfwlist
-server=/.freetibet.org/127.0.0.1#5353
-ipset=/.freetibet.org/gfwlist
-server=/.freetibetanheroes.org/127.0.0.1#5353
-ipset=/.freetibetanheroes.org/gfwlist
-server=/.freevpn.nl/127.0.0.1#5353
-ipset=/.freevpn.nl/gfwlist
-server=/.freewallpaper4.me/127.0.0.1#5353
-ipset=/.freewallpaper4.me/gfwlist
-server=/.freewebs.com/127.0.0.1#5353
-ipset=/.freewebs.com/gfwlist
-server=/.freeweibo.com/127.0.0.1#5353
-ipset=/.freeweibo.com/gfwlist
-server=/.freexinwen.com/127.0.0.1#5353
-ipset=/.freexinwen.com/gfwlist
-server=/.freeyoutubeproxy.net/127.0.0.1#5353
-ipset=/.freeyoutubeproxy.net/gfwlist
-server=/.friendfeed.com/127.0.0.1#5353
-ipset=/.friendfeed.com/gfwlist
-server=/.friendfeed-media.com/127.0.0.1#5353
-ipset=/.friendfeed-media.com/gfwlist
-server=/.friendsoftibet.org/127.0.0.1#5353
-ipset=/.friendsoftibet.org/gfwlist
-server=/.friends-of-tibet.org/127.0.0.1#5353
-ipset=/.friends-of-tibet.org/gfwlist
-server=/.fring.com/127.0.0.1#5353
-ipset=/.fring.com/gfwlist
-server=/.fringenetwork.com/127.0.0.1#5353
-ipset=/.fringenetwork.com/gfwlist
-server=/.frommel.net/127.0.0.1#5353
-ipset=/.frommel.net/gfwlist
-server=/.frontlinedefenders.org/127.0.0.1#5353
-ipset=/.frontlinedefenders.org/gfwlist
-server=/.fscked.org/127.0.0.1#5353
-ipset=/.fscked.org/gfwlist
-server=/.fsurf.com/127.0.0.1#5353
-ipset=/.fsurf.com/gfwlist
-server=/.ftchinese.com/127.0.0.1#5353
-ipset=/.ftchinese.com/gfwlist
-server=/.fuckcnnic.net/127.0.0.1#5353
-ipset=/.fuckcnnic.net/gfwlist
-server=/.fuckgfw.org/127.0.0.1#5353
-ipset=/.fuckgfw.org/gfwlist
-server=/.fullerconsideration.com/127.0.0.1#5353
-ipset=/.fullerconsideration.com/gfwlist
-server=/.fulue.com/127.0.0.1#5353
-ipset=/.fulue.com/gfwlist
-server=/.funp.com/127.0.0.1#5353
-ipset=/.funp.com/gfwlist
-server=/.furhhdl.org/127.0.0.1#5353
-ipset=/.furhhdl.org/gfwlist
-server=/.furinkan.com/127.0.0.1#5353
-ipset=/.furinkan.com/gfwlist
-server=/.furl.net/127.0.0.1#5353
-ipset=/.furl.net/gfwlist
-server=/.futurechinaforum.org/127.0.0.1#5353
-ipset=/.futurechinaforum.org/gfwlist
-server=/.futureme.org/127.0.0.1#5353
-ipset=/.futureme.org/gfwlist
-server=/.futuremessage.org/127.0.0.1#5353
-ipset=/.futuremessage.org/gfwlist
-server=/.fuyin.net/127.0.0.1#5353
-ipset=/.fuyin.net/gfwlist
-server=/.fw.cm/127.0.0.1#5353
-ipset=/.fw.cm/gfwlist
-server=/.fxnetworks.com/127.0.0.1#5353
-ipset=/.fxnetworks.com/gfwlist
-server=/.fzh999.com/127.0.0.1#5353
-ipset=/.fzh999.com/gfwlist
-server=/.fzh999.net/127.0.0.1#5353
-ipset=/.fzh999.net/gfwlist
-server=/.g.co/127.0.0.1#5353
-ipset=/.g.co/gfwlist
-server=/.g.e-hentai.org/127.0.0.1#5353
-ipset=/.g.e-hentai.org/gfwlist
-server=/.gabocorp.com/127.0.0.1#5353
-ipset=/.gabocorp.com/gfwlist
-server=/.gaeproxy.com/127.0.0.1#5353
-ipset=/.gaeproxy.com/gfwlist
-server=/.gaforum.org/127.0.0.1#5353
-ipset=/.gaforum.org/gfwlist
-server=/.galenwu.com/127.0.0.1#5353
-ipset=/.galenwu.com/gfwlist
-server=/.game735.com/127.0.0.1#5353
-ipset=/.game735.com/gfwlist
-server=/.ganges.com/127.0.0.1#5353
-ipset=/.ganges.com/gfwlist
-server=/.gaoming.net/127.0.0.1#5353
-ipset=/.gaoming.net/gfwlist
-server=/.gaopi.net/127.0.0.1#5353
-ipset=/.gaopi.net/gfwlist
-server=/.gaozhisheng.net/127.0.0.1#5353
-ipset=/.gaozhisheng.net/gfwlist
-server=/.gaozhisheng.org/127.0.0.1#5353
-ipset=/.gaozhisheng.org/gfwlist
-server=/.gardennetworks.com/127.0.0.1#5353
-ipset=/.gardennetworks.com/gfwlist
-server=/.gardennetworks.org/127.0.0.1#5353
-ipset=/.gardennetworks.org/gfwlist
-server=/.gartlive.com/127.0.0.1#5353
-ipset=/.gartlive.com/gfwlist
-server=/.gather.com/127.0.0.1#5353
-ipset=/.gather.com/gfwlist
-server=/.gaycn.net/127.0.0.1#5353
-ipset=/.gaycn.net/gfwlist
-server=/.gaymap.cc/127.0.0.1#5353
-ipset=/.gaymap.cc/gfwlist
-server=/.gaytube.com/127.0.0.1#5353
-ipset=/.gaytube.com/gfwlist
-server=/.gazotube.com/127.0.0.1#5353
-ipset=/.gazotube.com/gfwlist
-server=/.gcc.org.hk/127.0.0.1#5353
-ipset=/.gcc.org.hk/gfwlist
-server=/.gclooney.com/127.0.0.1#5353
-ipset=/.gclooney.com/gfwlist
-server=/.gcpnews.com/127.0.0.1#5353
-ipset=/.gcpnews.com/gfwlist
-server=/.gdbt.net/127.0.0.1#5353
-ipset=/.gdbt.net/gfwlist
-server=/.gdzf.org/127.0.0.1#5353
-ipset=/.gdzf.org/gfwlist
-server=/.geek-art.net/127.0.0.1#5353
-ipset=/.geek-art.net/gfwlist
-server=/.geekerhome.com/127.0.0.1#5353
-ipset=/.geekerhome.com/gfwlist
-server=/.geekmanuals.com/127.0.0.1#5353
-ipset=/.geekmanuals.com/gfwlist
-server=/.geocities.co.jp/127.0.0.1#5353
-ipset=/.geocities.co.jp/gfwlist
-server=/.geocities.com/127.0.0.1#5353
-ipset=/.geocities.com/gfwlist
-server=/.geocities.jp/127.0.0.1#5353
-ipset=/.geocities.jp/gfwlist
-server=/.geohot.com/127.0.0.1#5353
-ipset=/.geohot.com/gfwlist
-server=/.geometrictools.com/127.0.0.1#5353
-ipset=/.geometrictools.com/gfwlist
-server=/.getchu.com/127.0.0.1#5353
-ipset=/.getchu.com/gfwlist
-server=/.getcloak.com/127.0.0.1#5353
-ipset=/.getcloak.com/gfwlist
-server=/.getcloudapp.com/127.0.0.1#5353
-ipset=/.getcloudapp.com/gfwlist
-server=/.getfoxyproxy.org/127.0.0.1#5353
-ipset=/.getfoxyproxy.org/gfwlist
-server=/.getfreedur.com/127.0.0.1#5353
-ipset=/.getfreedur.com/gfwlist
-server=/.getgom.com/127.0.0.1#5353
-ipset=/.getgom.com/gfwlist
-server=/.getiton.com/127.0.0.1#5353
-ipset=/.getiton.com/gfwlist
-server=/.getjetso.com/127.0.0.1#5353
-ipset=/.getjetso.com/gfwlist
-server=/.getlantern.org/127.0.0.1#5353
-ipset=/.getlantern.org/gfwlist
-server=/.getmdl.io/127.0.0.1#5353
-ipset=/.getmdl.io/gfwlist
-server=/.getsmartlinks.com/127.0.0.1#5353
-ipset=/.getsmartlinks.com/gfwlist
-server=/.getsocialscope.com/127.0.0.1#5353
-ipset=/.getsocialscope.com/gfwlist
-server=/.gettyimages.com/127.0.0.1#5353
-ipset=/.gettyimages.com/gfwlist
-server=/.getuploader.com/127.0.0.1#5353
-ipset=/.getuploader.com/gfwlist
-server=/.gfbv.de/127.0.0.1#5353
-ipset=/.gfbv.de/gfwlist
-server=/.gfsale.com/127.0.0.1#5353
-ipset=/.gfsale.com/gfwlist
-server=/.gfw.org.ua/127.0.0.1#5353
-ipset=/.gfw.org.ua/gfwlist
-server=/.ggpht.com/127.0.0.1#5353
-ipset=/.ggpht.com/gfwlist
-server=/.ggssl.com/127.0.0.1#5353
-ipset=/.ggssl.com/gfwlist
-server=/.ghost.org/127.0.0.1#5353
-ipset=/.ghost.org/gfwlist
-server=/.ghostpath.com/127.0.0.1#5353
-ipset=/.ghostpath.com/gfwlist
-server=/.ghut.org/127.0.0.1#5353
-ipset=/.ghut.org/gfwlist
-server=/.giga-web.jp/127.0.0.1#5353
-ipset=/.giga-web.jp/gfwlist
-server=/.gigporno.ru/127.0.0.1#5353
-ipset=/.gigporno.ru/gfwlist
-server=/.gimpshop.com/127.0.0.1#5353
-ipset=/.gimpshop.com/gfwlist
-server=/.girlbanker.com/127.0.0.1#5353
-ipset=/.girlbanker.com/gfwlist
-server=/.git-scm.com/127.0.0.1#5353
-ipset=/.git-scm.com/gfwlist
-server=/.gizlen.net/127.0.0.1#5353
-ipset=/.gizlen.net/gfwlist
-server=/.glass8.eu/127.0.0.1#5353
-ipset=/.glass8.eu/gfwlist
-server=/.glennhilton.com/127.0.0.1#5353
-ipset=/.glennhilton.com/gfwlist
-server=/.global.hkepc.com/127.0.0.1#5353
-ipset=/.global.hkepc.com/gfwlist
-server=/.globaljihad.net/127.0.0.1#5353
-ipset=/.globaljihad.net/gfwlist
-server=/.globalmuseumoncommunism.org/127.0.0.1#5353
-ipset=/.globalmuseumoncommunism.org/gfwlist
-server=/.globalrescue.hopto.org/127.0.0.1#5353
-ipset=/.globalrescue.hopto.org/gfwlist
-server=/.globalrescue.net/127.0.0.1#5353
-ipset=/.globalrescue.net/gfwlist
-server=/.globaltm.org/127.0.0.1#5353
-ipset=/.globaltm.org/gfwlist
-server=/.globalvoicesonline.org/127.0.0.1#5353
-ipset=/.globalvoicesonline.org/gfwlist
-server=/.glype.com/127.0.0.1#5353
-ipset=/.glype.com/gfwlist
-server=/.gmail.com/127.0.0.1#5353
-ipset=/.gmail.com/gfwlist
-server=/.gmbd.cn/127.0.0.1#5353
-ipset=/.gmbd.cn/gfwlist
-server=/.gmhz.org/127.0.0.1#5353
-ipset=/.gmhz.org/gfwlist
-server=/.gmll.org/127.0.0.1#5353
-ipset=/.gmll.org/gfwlist
-server=/.gmodules.com/127.0.0.1#5353
-ipset=/.gmodules.com/gfwlist
-server=/.gmozomg.izihost.org/127.0.0.1#5353
-ipset=/.gmozomg.izihost.org/gfwlist
-server=/.gnci.org.hk/127.0.0.1#5353
-ipset=/.gnci.org.hk/gfwlist
-server=/.goagent.biz/127.0.0.1#5353
-ipset=/.goagent.biz/gfwlist
-server=/.goagent.codeplex.com/127.0.0.1#5353
-ipset=/.goagent.codeplex.com/gfwlist
-server=/.goagentplus.com/127.0.0.1#5353
-ipset=/.goagentplus.com/gfwlist
-server=/.godfootsteps.org/127.0.0.1#5353
-ipset=/.godfootsteps.org/gfwlist
-server=/.godsdirectcontact.org/127.0.0.1#5353
-ipset=/.godsdirectcontact.org/gfwlist
-server=/.gokbayrak.com/127.0.0.1#5353
-ipset=/.gokbayrak.com/gfwlist
-server=/.golang.org/127.0.0.1#5353
-ipset=/.golang.org/gfwlist
-server=/.goldbetsports.com/127.0.0.1#5353
-ipset=/.goldbetsports.com/gfwlist
-server=/.goldenfrog.com/127.0.0.1#5353
-ipset=/.goldenfrog.com/gfwlist
-server=/.goldstep.net/127.0.0.1#5353
-ipset=/.goldstep.net/gfwlist
-server=/.goldwave.com/127.0.0.1#5353
-ipset=/.goldwave.com/gfwlist
-server=/.gongm.in/127.0.0.1#5353
-ipset=/.gongm.in/gfwlist
-server=/.gongmeng.info/127.0.0.1#5353
-ipset=/.gongmeng.info/gfwlist
-server=/.gongminliliang.com/127.0.0.1#5353
-ipset=/.gongminliliang.com/gfwlist
-server=/.gongwt.com/127.0.0.1#5353
-ipset=/.gongwt.com/gfwlist
-server=/.goo.gl/127.0.0.1#5353
-ipset=/.goo.gl/gfwlist
-server=/.goodreaders.com/127.0.0.1#5353
-ipset=/.goodreaders.com/gfwlist
-server=/.goodreads.com/127.0.0.1#5353
-ipset=/.goodreads.com/gfwlist
-server=/.goodtv.tv/127.0.0.1#5353
-ipset=/.goodtv.tv/gfwlist
-server=/.goofind.com/127.0.0.1#5353
-ipset=/.goofind.com/gfwlist
-server=/.google.co.jp/127.0.0.1#5353
-ipset=/.google.co.jp/gfwlist
-server=/.google.co.uk/127.0.0.1#5353
-ipset=/.google.co.uk/gfwlist
-server=/.google.com/127.0.0.1#5353
-ipset=/.google.com/gfwlist
-server=/.google.com.hk/127.0.0.1#5353
-ipset=/.google.com.hk/gfwlist
-server=/.google.com.sg/127.0.0.1#5353
-ipset=/.google.com.sg/gfwlist
-server=/.google.ro/127.0.0.1#5353
-ipset=/.google.ro/gfwlist
-server=/.googleapis.com/127.0.0.1#5353
-ipset=/.googleapis.com/gfwlist
-server=/.googleartproject.com/127.0.0.1#5353
-ipset=/.googleartproject.com/gfwlist
-server=/.googlecode.com/127.0.0.1#5353
-ipset=/.googlecode.com/gfwlist
-server=/.googlecommerce.com/127.0.0.1#5353
-ipset=/.googlecommerce.com/gfwlist
-server=/.googledomains.com/127.0.0.1#5353
-ipset=/.googledomains.com/gfwlist
-server=/.googledrive.com/127.0.0.1#5353
-ipset=/.googledrive.com/gfwlist
-server=/.googleearth.com/127.0.0.1#5353
-ipset=/.googleearth.com/gfwlist
-server=/.googlegroups.com/127.0.0.1#5353
-ipset=/.googlegroups.com/gfwlist
-server=/.googlehosted.com/127.0.0.1#5353
-ipset=/.googlehosted.com/gfwlist
-server=/.googlelabs.com/127.0.0.1#5353
-ipset=/.googlelabs.com/gfwlist
-server=/.googlemail.com/127.0.0.1#5353
-ipset=/.googlemail.com/gfwlist
-server=/.googleplay.com/127.0.0.1#5353
-ipset=/.googleplay.com/gfwlist
-server=/.googleplus.com/127.0.0.1#5353
-ipset=/.googleplus.com/gfwlist
-server=/.googlesile.com/127.0.0.1#5353
-ipset=/.googlesile.com/gfwlist
-server=/.googlesource.com/127.0.0.1#5353
-ipset=/.googlesource.com/gfwlist
-server=/.googleusercontent.com/127.0.0.1#5353
-ipset=/.googleusercontent.com/gfwlist
-server=/.googlevideo.com/127.0.0.1#5353
-ipset=/.googlevideo.com/gfwlist
-server=/.googlezip.net/127.0.0.1#5353
-ipset=/.googlezip.net/gfwlist
-server=/.gopetition.com/127.0.0.1#5353
-ipset=/.gopetition.com/gfwlist
-server=/.go-pki.com/127.0.0.1#5353
-ipset=/.go-pki.com/gfwlist
-server=/.goproxing.net/127.0.0.1#5353
-ipset=/.goproxing.net/gfwlist
-server=/.gospelherald.com/127.0.0.1#5353
-ipset=/.gospelherald.com/gfwlist
-server=/.gotgeeks.com/127.0.0.1#5353
-ipset=/.gotgeeks.com/gfwlist
-server=/.gotrusted.com/127.0.0.1#5353
-ipset=/.gotrusted.com/gfwlist
-server=/.gotw.ca/127.0.0.1#5353
-ipset=/.gotw.ca/gfwlist
-server=/.grammaly.com/127.0.0.1#5353
-ipset=/.grammaly.com/gfwlist
-server=/.grandtrial.org/127.0.0.1#5353
-ipset=/.grandtrial.org/gfwlist
-server=/.grangorz.org/127.0.0.1#5353
-ipset=/.grangorz.org/gfwlist
-server=/.graphis.ne.jp/127.0.0.1#5353
-ipset=/.graphis.ne.jp/gfwlist
-server=/.graylog2.org/127.0.0.1#5353
-ipset=/.graylog2.org/gfwlist
-server=/.greasespot.net/127.0.0.1#5353
-ipset=/.greasespot.net/gfwlist
-server=/.greatfire.org/127.0.0.1#5353
-ipset=/.greatfire.org/gfwlist
-server=/.greatfirewall.biz/127.0.0.1#5353
-ipset=/.greatfirewall.biz/gfwlist
-server=/.great-firewall.com/127.0.0.1#5353
-ipset=/.great-firewall.com/gfwlist
-server=/.greatfirewallofchina.net/127.0.0.1#5353
-ipset=/.greatfirewallofchina.net/gfwlist
-server=/.greatfirewallofchina.org/127.0.0.1#5353
-ipset=/.greatfirewallofchina.org/gfwlist
-server=/.greatroc.org/127.0.0.1#5353
-ipset=/.greatroc.org/gfwlist
-server=/.great-roc.org/127.0.0.1#5353
-ipset=/.great-roc.org/gfwlist
-server=/.greatzhonghua.org/127.0.0.1#5353
-ipset=/.greatzhonghua.org/gfwlist
-server=/.greenpeace.org/127.0.0.1#5353
-ipset=/.greenpeace.org/gfwlist
-server=/.greenvpn.net/127.0.0.1#5353
-ipset=/.greenvpn.net/gfwlist
-server=/.groups.google.cn/127.0.0.1#5353
-ipset=/.groups.google.cn/gfwlist
-server=/.gs-discuss.com/127.0.0.1#5353
-ipset=/.gs-discuss.com/gfwlist
-server=/.gstatic.com/127.0.0.1#5353
-ipset=/.gstatic.com/gfwlist
-server=/.gtricks.com/127.0.0.1#5353
-ipset=/.gtricks.com/gfwlist
-server=/.guancha.org/127.0.0.1#5353
-ipset=/.guancha.org/gfwlist
-server=/.gu-chu-sum.org/127.0.0.1#5353
-ipset=/.gu-chu-sum.org/gfwlist
-server=/.guishan.org/127.0.0.1#5353
-ipset=/.guishan.org/gfwlist
-server=/.gunsamerica.com/127.0.0.1#5353
-ipset=/.gunsamerica.com/gfwlist
-server=/.gun-world.net/127.0.0.1#5353
-ipset=/.gun-world.net/gfwlist
-server=/.guruonline.hk/127.0.0.1#5353
-ipset=/.guruonline.hk/gfwlist
-server=/.gutteruncensored.com/127.0.0.1#5353
-ipset=/.gutteruncensored.com/gfwlist
-server=/.gvlib.com/127.0.0.1#5353
-ipset=/.gvlib.com/gfwlist
-server=/.gvt0.com/127.0.0.1#5353
-ipset=/.gvt0.com/gfwlist
-server=/.gvt1.com/127.0.0.1#5353
-ipset=/.gvt1.com/gfwlist
-server=/.gvt1.com/127.0.0.1#5353
-ipset=/.gvt1.com/gfwlist
-server=/.gvt2.com/127.0.0.1#5353
-ipset=/.gvt2.com/gfwlist
-server=/.gvt3.com/127.0.0.1#5353
-ipset=/.gvt3.com/gfwlist
-server=/.gyalwarinpoche.com/127.0.0.1#5353
-ipset=/.gyalwarinpoche.com/gfwlist
-server=/.gyatsostudio.com/127.0.0.1#5353
-ipset=/.gyatsostudio.com/gfwlist
-server=/.gzm.tv/127.0.0.1#5353
-ipset=/.gzm.tv/gfwlist
-server=/.gzone-anime.info/127.0.0.1#5353
-ipset=/.gzone-anime.info/gfwlist
-server=/.h1n1china.org/127.0.0.1#5353
-ipset=/.h1n1china.org/gfwlist
-server=/.hacken.cc/127.0.0.1#5353
-ipset=/.hacken.cc/gfwlist
-server=/.hackthatphone.net/127.0.0.1#5353
-ipset=/.hackthatphone.net/gfwlist
-server=/.hahlo.com/127.0.0.1#5353
-ipset=/.hahlo.com/gfwlist
-server=/.hanunyi.com/127.0.0.1#5353
-ipset=/.hanunyi.com/gfwlist
-server=/.happy-vpn.com/127.0.0.1#5353
-ipset=/.happy-vpn.com/gfwlist
-server=/.haproxy.org/127.0.0.1#5353
-ipset=/.haproxy.org/gfwlist
-server=/.hardsextube.com/127.0.0.1#5353
-ipset=/.hardsextube.com/gfwlist
-server=/.harunyahya.com/127.0.0.1#5353
-ipset=/.harunyahya.com/gfwlist
-server=/.hasaowall.com/127.0.0.1#5353
-ipset=/.hasaowall.com/gfwlist
-server=/.have8.com/127.0.0.1#5353
-ipset=/.have8.com/gfwlist
-server=/.h-china.org/127.0.0.1#5353
-ipset=/.h-china.org/gfwlist
-server=/.hdtvb.net/127.0.0.1#5353
-ipset=/.hdtvb.net/gfwlist
-server=/.heartyit.com/127.0.0.1#5353
-ipset=/.heartyit.com/gfwlist
-server=/.hecaitou.net/127.0.0.1#5353
-ipset=/.hecaitou.net/gfwlist
-server=/.hechaji.com/127.0.0.1#5353
-ipset=/.hechaji.com/gfwlist
-server=/.heix.pp.ru/127.0.0.1#5353
-ipset=/.heix.pp.ru/gfwlist
-server=/.helloandroid.com/127.0.0.1#5353
-ipset=/.helloandroid.com/gfwlist
-server=/.helloqueer.com/127.0.0.1#5353
-ipset=/.helloqueer.com/gfwlist
-server=/.hellotxt.com/127.0.0.1#5353
-ipset=/.hellotxt.com/gfwlist
-server=/.hellouk.org/127.0.0.1#5353
-ipset=/.hellouk.org/gfwlist
-server=/.help.linksalpha.com/127.0.0.1#5353
-ipset=/.help.linksalpha.com/gfwlist
-server=/.help.opera.com/127.0.0.1#5353
-ipset=/.help.opera.com/gfwlist
-server=/.helpeachpeople.com/127.0.0.1#5353
-ipset=/.helpeachpeople.com/gfwlist
-server=/.helplinfen.com/127.0.0.1#5353
-ipset=/.helplinfen.com/gfwlist
-server=/.helpzhuling.org/127.0.0.1#5353
-ipset=/.helpzhuling.org/gfwlist
-server=/.hentai.to/127.0.0.1#5353
-ipset=/.hentai.to/gfwlist
-server=/.heqinglian.net/127.0.0.1#5353
-ipset=/.heqinglian.net/gfwlist
-server=/.here4news.com/127.0.0.1#5353
-ipset=/.here4news.com/gfwlist
-server=/.heungkongdiscuss.com/127.0.0.1#5353
-ipset=/.heungkongdiscuss.com/gfwlist
-server=/.hexxeh.net/127.0.0.1#5353
-ipset=/.hexxeh.net/gfwlist
-server=/.heyzo.com/127.0.0.1#5353
-ipset=/.heyzo.com/gfwlist
-server=/.hgseav.com/127.0.0.1#5353
-ipset=/.hgseav.com/gfwlist
-server=/.hidden-advent.org/127.0.0.1#5353
-ipset=/.hidden-advent.org/gfwlist
-server=/.hide.me/127.0.0.1#5353
-ipset=/.hide.me/gfwlist
-server=/.hidecloud.com/127.0.0.1#5353
-ipset=/.hidecloud.com/gfwlist
-server=/.hideipvpn.com/127.0.0.1#5353
-ipset=/.hideipvpn.com/gfwlist
-server=/.hideman.net/127.0.0.1#5353
-ipset=/.hideman.net/gfwlist
-server=/.hideme.nl/127.0.0.1#5353
-ipset=/.hideme.nl/gfwlist
-server=/.hidemyass.com/127.0.0.1#5353
-ipset=/.hidemyass.com/gfwlist
-server=/.hidemycomp.com/127.0.0.1#5353
-ipset=/.hidemycomp.com/gfwlist
-server=/.higfw.com/127.0.0.1#5353
-ipset=/.higfw.com/gfwlist
-server=/.highpeakspureearth.com/127.0.0.1#5353
-ipset=/.highpeakspureearth.com/gfwlist
-server=/.highrockmedia.com/127.0.0.1#5353
-ipset=/.highrockmedia.com/gfwlist
-server=/.hihiforum.com/127.0.0.1#5353
-ipset=/.hihiforum.com/gfwlist
-server=/.hihistory.net/127.0.0.1#5353
-ipset=/.hihistory.net/gfwlist
-server=/.hiitch.com/127.0.0.1#5353
-ipset=/.hiitch.com/gfwlist
-server=/.hikinggfw.org/127.0.0.1#5353
-ipset=/.hikinggfw.org/gfwlist
-server=/.himalayan-foundation.org/127.0.0.1#5353
-ipset=/.himalayan-foundation.org/gfwlist
-server=/.himemix.com/127.0.0.1#5353
-ipset=/.himemix.com/gfwlist
-server=/.himemix.net/127.0.0.1#5353
-ipset=/.himemix.net/gfwlist
-server=/.hjclub.info/127.0.0.1#5353
-ipset=/.hjclub.info/gfwlist
-server=/.hk.geocities.com/127.0.0.1#5353
-ipset=/.hk.geocities.com/gfwlist
-server=/.hk.gradconnection.com/127.0.0.1#5353
-ipset=/.hk.gradconnection.com/gfwlist
-server=/.hk.hao123img.com/127.0.0.1#5353
-ipset=/.hk.hao123img.com/gfwlist
-server=/.hk.jiepang.com/127.0.0.1#5353
-ipset=/.hk.jiepang.com/gfwlist
-server=/.hk.knowledge.yahoo.com/127.0.0.1#5353
-ipset=/.hk.knowledge.yahoo.com/gfwlist
-server=/.hk.myblog.yahoo.com/127.0.0.1#5353
-ipset=/.hk.myblog.yahoo.com/gfwlist
-server=/.hk.news.yahoo.com/127.0.0.1#5353
-ipset=/.hk.news.yahoo.com/gfwlist
-server=/.hk.rd.yahoo.com/127.0.0.1#5353
-ipset=/.hk.rd.yahoo.com/gfwlist
-server=/.hk.search.yahoo.com/127.0.0.1#5353
-ipset=/.hk.search.yahoo.com/gfwlist
-server=/.hk.video.news.yahoo.com/127.0.0.1#5353
-ipset=/.hk.video.news.yahoo.com/gfwlist
-server=/.hk.yahoo.com/127.0.0.1#5353
-ipset=/.hk.yahoo.com/gfwlist
-server=/.hk01.com/127.0.0.1#5353
-ipset=/.hk01.com/gfwlist
-server=/.hk32168.com/127.0.0.1#5353
-ipset=/.hk32168.com/gfwlist
-server=/.hkatvnews.com/127.0.0.1#5353
-ipset=/.hkatvnews.com/gfwlist
-server=/.hkbc.net/127.0.0.1#5353
-ipset=/.hkbc.net/gfwlist
-server=/.hkbf.org/127.0.0.1#5353
-ipset=/.hkbf.org/gfwlist
-server=/.hkbookcity.com/127.0.0.1#5353
-ipset=/.hkbookcity.com/gfwlist
-server=/.hkchurch.org/127.0.0.1#5353
-ipset=/.hkchurch.org/gfwlist
-server=/.hkdailynews.com.hk/127.0.0.1#5353
-ipset=/.hkdailynews.com.hk/gfwlist
-server=/.hkday.net/127.0.0.1#5353
-ipset=/.hkday.net/gfwlist
-server=/.hkdf.org/127.0.0.1#5353
-ipset=/.hkdf.org/gfwlist
-server=/.hkej.com/127.0.0.1#5353
-ipset=/.hkej.com/gfwlist
-server=/.hkepc.com/127.0.0.1#5353
-ipset=/.hkepc.com/gfwlist
-server=/.hkfront.org/127.0.0.1#5353
-ipset=/.hkfront.org/gfwlist
-server=/.hkgolden.com/127.0.0.1#5353
-ipset=/.hkgolden.com/gfwlist
-server=/.hkgreenradio.org/127.0.0.1#5353
-ipset=/.hkgreenradio.org/gfwlist
-server=/.hkheadline.com/127.0.0.1#5353
-ipset=/.hkheadline.com/gfwlist
-server=/.hkhkhk.com/127.0.0.1#5353
-ipset=/.hkhkhk.com/gfwlist
-server=/.hkhrc.org.hk/127.0.0.1#5353
-ipset=/.hkhrc.org.hk/gfwlist
-server=/.hkhrm.org.hk/127.0.0.1#5353
-ipset=/.hkhrm.org.hk/gfwlist
-server=/.hkjc.com/127.0.0.1#5353
-ipset=/.hkjc.com/gfwlist
-server=/.hkjp.org/127.0.0.1#5353
-ipset=/.hkjp.org/gfwlist
-server=/.hklft.com/127.0.0.1#5353
-ipset=/.hklft.com/gfwlist
-server=/.hklts.org.hk/127.0.0.1#5353
-ipset=/.hklts.org.hk/gfwlist
-server=/.hkptu.org/127.0.0.1#5353
-ipset=/.hkptu.org/gfwlist
-server=/.hk-pub.com/127.0.0.1#5353
-ipset=/.hk-pub.com/gfwlist
-server=/.hkreporter.com/127.0.0.1#5353
-ipset=/.hkreporter.com/gfwlist
-server=/.hkreporter.loved.hk/127.0.0.1#5353
-ipset=/.hkreporter.loved.hk/gfwlist
-server=/.hkupop.hku.hk/127.0.0.1#5353
-ipset=/.hkupop.hku.hk/gfwlist
-server=/.hkusu.net/127.0.0.1#5353
-ipset=/.hkusu.net/gfwlist
-server=/.hkwcc.org.hk/127.0.0.1#5353
-ipset=/.hkwcc.org.hk/gfwlist
-server=/.hkzone.org/127.0.0.1#5353
-ipset=/.hkzone.org/gfwlist
-server=/.hmvdigital.ca/127.0.0.1#5353
-ipset=/.hmvdigital.ca/gfwlist
-server=/.hmvdigital.com/127.0.0.1#5353
-ipset=/.hmvdigital.com/gfwlist
-server=/.hnjhj.com/127.0.0.1#5353
-ipset=/.hnjhj.com/gfwlist
-server=/.hola.com/127.0.0.1#5353
-ipset=/.hola.com/gfwlist
-server=/.hola.org/127.0.0.1#5353
-ipset=/.hola.org/gfwlist
-server=/.holyspiritspeaks.org/127.0.0.1#5353
-ipset=/.holyspiritspeaks.org/gfwlist
-server=/.holz.byethost8.com/127.0.0.1#5353
-ipset=/.holz.byethost8.com/gfwlist
-server=/.home.sina.com/127.0.0.1#5353
-ipset=/.home.sina.com/gfwlist
-server=/.homedepot.com/127.0.0.1#5353
-ipset=/.homedepot.com/gfwlist
-server=/.homeservershow.com/127.0.0.1#5353
-ipset=/.homeservershow.com/gfwlist
-server=/.hongmeimei.com/127.0.0.1#5353
-ipset=/.hongmeimei.com/gfwlist
-server=/.hongzhi.li/127.0.0.1#5353
-ipset=/.hongzhi.li/gfwlist
-server=/.hootsuite.com/127.0.0.1#5353
-ipset=/.hootsuite.com/gfwlist
-server=/.hornygamer.com/127.0.0.1#5353
-ipset=/.hornygamer.com/gfwlist
-server=/.hotav.tv/127.0.0.1#5353
-ipset=/.hotav.tv/gfwlist
-server=/.hotpot.hk/127.0.0.1#5353
-ipset=/.hotpot.hk/gfwlist
-server=/.hotshame.com/127.0.0.1#5353
-ipset=/.hotshame.com/gfwlist
-server=/.hotspotshield.com/127.0.0.1#5353
-ipset=/.hotspotshield.com/gfwlist
-server=/.hougaige.com/127.0.0.1#5353
-ipset=/.hougaige.com/gfwlist
-server=/.howtoforge.com/127.0.0.1#5353
-ipset=/.howtoforge.com/gfwlist
-server=/.hqcdp.org/127.0.0.1#5353
-ipset=/.hqcdp.org/gfwlist
-server=/.hqjapanesesex.com/127.0.0.1#5353
-ipset=/.hqjapanesesex.com/gfwlist
-server=/.hrcchina.org/127.0.0.1#5353
-ipset=/.hrcchina.org/gfwlist
-server=/.hrcir.com/127.0.0.1#5353
-ipset=/.hrcir.com/gfwlist
-server=/.hrea.org/127.0.0.1#5353
-ipset=/.hrea.org/gfwlist
-server=/.hrichina.org/127.0.0.1#5353
-ipset=/.hrichina.org/gfwlist
-server=/.hrw.org/127.0.0.1#5353
-ipset=/.hrw.org/gfwlist
-server=/.hrweb.org/127.0.0.1#5353
-ipset=/.hrweb.org/gfwlist
-server=/.hsjp.net/127.0.0.1#5353
-ipset=/.hsjp.net/gfwlist
-server=/.hsselite.com/127.0.0.1#5353
-ipset=/.hsselite.com/gfwlist
-server=/.hstt.net/127.0.0.1#5353
-ipset=/.hstt.net/gfwlist
-server=/.ht.ly/127.0.0.1#5353
-ipset=/.ht.ly/gfwlist
-server=/.htkou.net/127.0.0.1#5353
-ipset=/.htkou.net/gfwlist
-server=/.htl.li/127.0.0.1#5353
-ipset=/.htl.li/gfwlist
-server=/.html5rocks.com/127.0.0.1#5353
-ipset=/.html5rocks.com/gfwlist
-server=/.htmldog.com/127.0.0.1#5353
-ipset=/.htmldog.com/gfwlist
-server=/.huaglad.com/127.0.0.1#5353
-ipset=/.huaglad.com/gfwlist
-server=/.huanghuagang.org/127.0.0.1#5353
-ipset=/.huanghuagang.org/gfwlist
-server=/.huaren.us/127.0.0.1#5353
-ipset=/.huaren.us/gfwlist
-server=/.huaxiabao.org/127.0.0.1#5353
-ipset=/.huaxiabao.org/gfwlist
-server=/.huaxia-news.com/127.0.0.1#5353
-ipset=/.huaxia-news.com/gfwlist
-server=/.huaxin.ph/127.0.0.1#5353
-ipset=/.huaxin.ph/gfwlist
-server=/.hua-yue.net/127.0.0.1#5353
-ipset=/.hua-yue.net/gfwlist
-server=/.huayuworld.org/127.0.0.1#5353
-ipset=/.huayuworld.org/gfwlist
-server=/.hudatoriq.web.id/127.0.0.1#5353
-ipset=/.hudatoriq.web.id/gfwlist
-server=/.huffingtonpost.com/127.0.0.1#5353
-ipset=/.huffingtonpost.com/gfwlist
-server=/.hugoroy.eu/127.0.0.1#5353
-ipset=/.hugoroy.eu/gfwlist
-server=/.huhaitai.com/127.0.0.1#5353
-ipset=/.huhaitai.com/gfwlist
-server=/.huhamhire.com/127.0.0.1#5353
-ipset=/.huhamhire.com/gfwlist
-server=/.hulu.com/127.0.0.1#5353
-ipset=/.hulu.com/gfwlist
-server=/.huluim.com/127.0.0.1#5353
-ipset=/.huluim.com/gfwlist
-server=/.humanrightsbriefing.org/127.0.0.1#5353
-ipset=/.humanrightsbriefing.org/gfwlist
-server=/.hungerstrikeforaids.org/127.0.0.1#5353
-ipset=/.hungerstrikeforaids.org/gfwlist
-server=/.hung-ya.com/127.0.0.1#5353
-ipset=/.hung-ya.com/gfwlist
-server=/.huping.net/127.0.0.1#5353
-ipset=/.huping.net/gfwlist
-server=/.hustlercash.com/127.0.0.1#5353
-ipset=/.hustlercash.com/gfwlist
-server=/.hutianyi.net/127.0.0.1#5353
-ipset=/.hutianyi.net/gfwlist
-server=/.hutong9.net/127.0.0.1#5353
-ipset=/.hutong9.net/gfwlist
-server=/.hwinfo.com/127.0.0.1#5353
-ipset=/.hwinfo.com/gfwlist
-server=/.hxwq.org/127.0.0.1#5353
-ipset=/.hxwq.org/gfwlist
-server=/.hybrid-analysis.com/127.0.0.1#5353
-ipset=/.hybrid-analysis.com/gfwlist
-server=/.hyperrate.com/127.0.0.1#5353
-ipset=/.hyperrate.com/gfwlist
-server=/.hypeshell.com/127.0.0.1#5353
-ipset=/.hypeshell.com/gfwlist
-server=/.i1.hk/127.0.0.1#5353
-ipset=/.i1.hk/gfwlist
-server=/.i2p2.de/127.0.0.1#5353
-ipset=/.i2p2.de/gfwlist
-server=/.i2runner.com/127.0.0.1#5353
-ipset=/.i2runner.com/gfwlist
-server=/.iam.soy/127.0.0.1#5353
-ipset=/.iam.soy/gfwlist
-server=/.iask.bz/127.0.0.1#5353
-ipset=/.iask.bz/gfwlist
-server=/.iask.ca/127.0.0.1#5353
-ipset=/.iask.ca/gfwlist
-server=/.ibiblio.org/127.0.0.1#5353
-ipset=/.ibiblio.org/gfwlist
-server=/.iblogserv-f.net/127.0.0.1#5353
-ipset=/.iblogserv-f.net/gfwlist
-server=/.ibros.org/127.0.0.1#5353
-ipset=/.ibros.org/gfwlist
-server=/.ibvpn.com/127.0.0.1#5353
-ipset=/.ibvpn.com/gfwlist
-server=/.i-cable.com/127.0.0.1#5353
-ipset=/.i-cable.com/gfwlist
-server=/.icij.org/127.0.0.1#5353
-ipset=/.icij.org/gfwlist
-server=/.icl-fi.org/127.0.0.1#5353
-ipset=/.icl-fi.org/gfwlist
-server=/.icoco.com/127.0.0.1#5353
-ipset=/.icoco.com/gfwlist
-server=/.iconfactory.com/127.0.0.1#5353
-ipset=/.iconfactory.com/gfwlist
-server=/.iconpaper.org/127.0.0.1#5353
-ipset=/.iconpaper.org/gfwlist
-server=/.icu-project.org/127.0.0.1#5353
-ipset=/.icu-project.org/gfwlist
-server=/.id.hao123.com/127.0.0.1#5353
-ipset=/.id.hao123.com/gfwlist
-server=/.idemocracy.asia/127.0.0.1#5353
-ipset=/.idemocracy.asia/gfwlist
-server=/.identi.ca/127.0.0.1#5353
-ipset=/.identi.ca/gfwlist
-server=/.idiomconnection.com/127.0.0.1#5353
-ipset=/.idiomconnection.com/gfwlist
-server=/.idouga.com/127.0.0.1#5353
-ipset=/.idouga.com/gfwlist
-server=/.idreamx.com/127.0.0.1#5353
-ipset=/.idreamx.com/gfwlist
-server=/.ieasynews.net/127.0.0.1#5353
-ipset=/.ieasynews.net/gfwlist
-server=/.ied2k.net/127.0.0.1#5353
-ipset=/.ied2k.net/gfwlist
-server=/.ienergy1.com/127.0.0.1#5353
-ipset=/.ienergy1.com/gfwlist
-server=/.if.ttt/127.0.0.1#5353
-ipset=/.if.ttt/gfwlist
-server=/.ifan.cz.cc/127.0.0.1#5353
-ipset=/.ifan.cz.cc/gfwlist
-server=/.ifanqiang.com/127.0.0.1#5353
-ipset=/.ifanqiang.com/gfwlist
-server=/.ifanr.com/127.0.0.1#5353
-ipset=/.ifanr.com/gfwlist
-server=/.ifcss.org/127.0.0.1#5353
-ipset=/.ifcss.org/gfwlist
-server=/.ifjc.org/127.0.0.1#5353
-ipset=/.ifjc.org/gfwlist
-server=/.ifreewares.com/127.0.0.1#5353
-ipset=/.ifreewares.com/gfwlist
-server=/.ift.tt/127.0.0.1#5353
-ipset=/.ift.tt/gfwlist
-server=/.igfw.net/127.0.0.1#5353
-ipset=/.igfw.net/gfwlist
-server=/.ignitedetroit.net/127.0.0.1#5353
-ipset=/.ignitedetroit.net/gfwlist
-server=/.igvita.com/127.0.0.1#5353
-ipset=/.igvita.com/gfwlist
-server=/.ihakka.net/127.0.0.1#5353
-ipset=/.ihakka.net/gfwlist
-server=/.iicns.com/127.0.0.1#5353
-ipset=/.iicns.com/gfwlist
-server=/.illusionfactory.com/127.0.0.1#5353
-ipset=/.illusionfactory.com/gfwlist
-server=/.ilove80.be/127.0.0.1#5353
-ipset=/.ilove80.be/gfwlist
-server=/.ilovelongtoes.com/127.0.0.1#5353
-ipset=/.ilovelongtoes.com/gfwlist
-server=/.im.tv/127.0.0.1#5353
-ipset=/.im.tv/gfwlist
-server=/.imgaa.com/127.0.0.1#5353
-ipset=/.imgaa.com/gfwlist
-server=/.imagefap.com/127.0.0.1#5353
-ipset=/.imagefap.com/gfwlist
-server=/.imageflea.com/127.0.0.1#5353
-ipset=/.imageflea.com/gfwlist
-server=/.imageshack.us/127.0.0.1#5353
-ipset=/.imageshack.us/gfwlist
-server=/.imageshot.eu/127.0.0.1#5353
-ipset=/.imageshot.eu/gfwlist
-server=/.imagevenue.com/127.0.0.1#5353
-ipset=/.imagevenue.com/gfwlist
-server=/.imagezilla.net/127.0.0.1#5353
-ipset=/.imagezilla.net/gfwlist
-server=/.img.dlsite.jp/127.0.0.1#5353
-ipset=/.img.dlsite.jp/gfwlist
-server=/.img.ly/127.0.0.1#5353
-ipset=/.img.ly/gfwlist
-server=/.imgmega.com/127.0.0.1#5353
-ipset=/.imgmega.com/gfwlist
-server=/.imkev.com/127.0.0.1#5353
-ipset=/.imkev.com/gfwlist
-server=/.imlive.com/127.0.0.1#5353
-ipset=/.imlive.com/gfwlist
-server=/.impp.mn/127.0.0.1#5353
-ipset=/.impp.mn/gfwlist
-server=/.incredibox.fr/127.0.0.1#5353
-ipset=/.incredibox.fr/gfwlist
-server=/.indiemerch.com/127.0.0.1#5353
-ipset=/.indiemerch.com/gfwlist
-server=/.info-graf.fr/127.0.0.1#5353
-ipset=/.info-graf.fr/gfwlist
-server=/.initiativesforchina.org/127.0.0.1#5353
-ipset=/.initiativesforchina.org/gfwlist
-server=/.inmediahk.net/127.0.0.1#5353
-ipset=/.inmediahk.net/gfwlist
-server=/.innermongolia.org/127.0.0.1#5353
-ipset=/.innermongolia.org/gfwlist
-server=/.instagram.com/127.0.0.1#5353
-ipset=/.instagram.com/gfwlist
-server=/.interfaceaddiction.com/127.0.0.1#5353
-ipset=/.interfaceaddiction.com/gfwlist
-server=/.internationalrivers.org/127.0.0.1#5353
-ipset=/.internationalrivers.org/gfwlist
-server=/.internet.org/127.0.0.1#5353
-ipset=/.internet.org/gfwlist
-server=/.internetdefenseleague.org/127.0.0.1#5353
-ipset=/.internetdefenseleague.org/gfwlist
-server=/.internetfreedom.org/127.0.0.1#5353
-ipset=/.internetfreedom.org/gfwlist
-server=/.internetpopculture.com/127.0.0.1#5353
-ipset=/.internetpopculture.com/gfwlist
-server=/.inxian.com/127.0.0.1#5353
-ipset=/.inxian.com/gfwlist
-server=/.ipalter.com/127.0.0.1#5353
-ipset=/.ipalter.com/gfwlist
-server=/.iphone4hongkong.com/127.0.0.1#5353
-ipset=/.iphone4hongkong.com/gfwlist
-server=/.iphonehacks.com/127.0.0.1#5353
-ipset=/.iphonehacks.com/gfwlist
-server=/.iphonix.fr/127.0.0.1#5353
-ipset=/.iphonix.fr/gfwlist
-server=/.ipicture.ru/127.0.0.1#5353
-ipset=/.ipicture.ru/gfwlist
-server=/.iportal.me/127.0.0.1#5353
-ipset=/.iportal.me/gfwlist
-server=/.ippotv.com/127.0.0.1#5353
-ipset=/.ippotv.com/gfwlist
-server=/.ipredator.se/127.0.0.1#5353
-ipset=/.ipredator.se/gfwlist
-server=/.iptorrents.com/127.0.0.1#5353
-ipset=/.iptorrents.com/gfwlist
-server=/.ipvanish.com/127.0.0.1#5353
-ipset=/.ipvanish.com/gfwlist
-server=/.iredmail.org/127.0.0.1#5353
-ipset=/.iredmail.org/gfwlist
-server=/.ironbigfools.compython.net/127.0.0.1#5353
-ipset=/.ironbigfools.compython.net/gfwlist
-server=/.ironicsoftware.com/127.0.0.1#5353
-ipset=/.ironicsoftware.com/gfwlist
-server=/.ironpython.net/127.0.0.1#5353
-ipset=/.ironpython.net/gfwlist
-server=/.isaacmao.com/127.0.0.1#5353
-ipset=/.isaacmao.com/gfwlist
-server=/.isgreat.org/127.0.0.1#5353
-ipset=/.isgreat.org/gfwlist
-server=/.islam.org.hk/127.0.0.1#5353
-ipset=/.islam.org.hk/gfwlist
-server=/.islamawareness.net/127.0.0.1#5353
-ipset=/.islamawareness.net/gfwlist
-server=/.islamicity.com/127.0.0.1#5353
-ipset=/.islamicity.com/gfwlist
-server=/.ismaelan.com/127.0.0.1#5353
-ipset=/.ismaelan.com/gfwlist
-server=/.ismalltits.com/127.0.0.1#5353
-ipset=/.ismalltits.com/gfwlist
-server=/.ismprofessional.net/127.0.0.1#5353
-ipset=/.ismprofessional.net/gfwlist
-server=/.isohunt.com/127.0.0.1#5353
-ipset=/.isohunt.com/gfwlist
-server=/.israbox.com/127.0.0.1#5353
-ipset=/.israbox.com/gfwlist
-server=/.istockphoto.com/127.0.0.1#5353
-ipset=/.istockphoto.com/gfwlist
-server=/.isunaffairs.com/127.0.0.1#5353
-ipset=/.isunaffairs.com/gfwlist
-server=/.isuntv.com/127.0.0.1#5353
-ipset=/.isuntv.com/gfwlist
-server=/.itaboo.info/127.0.0.1#5353
-ipset=/.itaboo.info/gfwlist
-server=/.italiatibet.org/127.0.0.1#5353
-ipset=/.italiatibet.org/gfwlist
-server=/.its.caltech.edu/127.0.0.1#5353
-ipset=/.its.caltech.edu/gfwlist
-server=/.itshidden.com/127.0.0.1#5353
-ipset=/.itshidden.com/gfwlist
-server=/.itsky.it/127.0.0.1#5353
-ipset=/.itsky.it/gfwlist
-server=/.itweet.net/127.0.0.1#5353
-ipset=/.itweet.net/gfwlist
-server=/.iu45.com/127.0.0.1#5353
-ipset=/.iu45.com/gfwlist
-server=/.iuhrdf.org/127.0.0.1#5353
-ipset=/.iuhrdf.org/gfwlist
-server=/.iuksky.com/127.0.0.1#5353
-ipset=/.iuksky.com/gfwlist
-server=/.ivacy.com/127.0.0.1#5353
-ipset=/.ivacy.com/gfwlist
-server=/.iverycd.com/127.0.0.1#5353
-ipset=/.iverycd.com/gfwlist
-server=/.ivpn.net/127.0.0.1#5353
-ipset=/.ivpn.net/gfwlist
-server=/.ixquick.com/127.0.0.1#5353
-ipset=/.ixquick.com/gfwlist
-server=/.iyouport.com/127.0.0.1#5353
-ipset=/.iyouport.com/gfwlist
-server=/.izaobao.us/127.0.0.1#5353
-ipset=/.izaobao.us/gfwlist
-server=/.izles.net/127.0.0.1#5353
-ipset=/.izles.net/gfwlist
-server=/.j.mp/127.0.0.1#5353
-ipset=/.j.mp/gfwlist
-server=/.jamyangnorbu.com/127.0.0.1#5353
-ipset=/.jamyangnorbu.com/gfwlist
-server=/.japanfirst.asianfreeforum.com/127.0.0.1#5353
-ipset=/.japanfirst.asianfreeforum.com/gfwlist
-server=/.japan-whores.com/127.0.0.1#5353
-ipset=/.japan-whores.com/gfwlist
-server=/.jav68.tv/127.0.0.1#5353
-ipset=/.jav68.tv/gfwlist
-server=/.javakiba.org/127.0.0.1#5353
-ipset=/.javakiba.org/gfwlist
-server=/.javbus.com/127.0.0.1#5353
-ipset=/.javbus.com/gfwlist
-server=/.javfor.me/127.0.0.1#5353
-ipset=/.javfor.me/gfwlist
-server=/.javhip.com/127.0.0.1#5353
-ipset=/.javhip.com/gfwlist
-server=/.javhub.net/127.0.0.1#5353
-ipset=/.javhub.net/gfwlist
-server=/.javhuge.com/127.0.0.1#5353
-ipset=/.javhuge.com/gfwlist
-server=/.javlibrary.com/127.0.0.1#5353
-ipset=/.javlibrary.com/gfwlist
-server=/.javmoo.com/127.0.0.1#5353
-ipset=/.javmoo.com/gfwlist
-server=/.javseen.com/127.0.0.1#5353
-ipset=/.javseen.com/gfwlist
-server=/.jbtalks.cc/127.0.0.1#5353
-ipset=/.jbtalks.cc/gfwlist
-server=/.jbtalks.com/127.0.0.1#5353
-ipset=/.jbtalks.com/gfwlist
-server=/.jbtalks.my/127.0.0.1#5353
-ipset=/.jbtalks.my/gfwlist
-server=/.jdwsy.com/127.0.0.1#5353
-ipset=/.jdwsy.com/gfwlist
-server=/.jeanyim.com/127.0.0.1#5353
-ipset=/.jeanyim.com/gfwlist
-server=/.jgoodies.com/127.0.0.1#5353
-ipset=/.jgoodies.com/gfwlist
-server=/.jiangweiping.com/127.0.0.1#5353
-ipset=/.jiangweiping.com/gfwlist
-server=/.jiaoyou8.com/127.0.0.1#5353
-ipset=/.jiaoyou8.com/gfwlist
-server=/.jiehua.cz/127.0.0.1#5353
-ipset=/.jiehua.cz/gfwlist
-server=/.jieshibaobao.com/127.0.0.1#5353
-ipset=/.jieshibaobao.com/gfwlist
-server=/.jigong1024.com/127.0.0.1#5353
-ipset=/.jigong1024.com/gfwlist
-server=/.jinbushe.org/127.0.0.1#5353
-ipset=/.jinbushe.org/gfwlist
-server=/.jingpin.org/127.0.0.1#5353
-ipset=/.jingpin.org/gfwlist
-server=/.jingsim.org/127.0.0.1#5353
-ipset=/.jingsim.org/gfwlist
-server=/.jitouch.com/127.0.0.1#5353
-ipset=/.jitouch.com/gfwlist
-server=/.jizzthis.com/127.0.0.1#5353
-ipset=/.jizzthis.com/gfwlist
-server=/.jjgirls.com/127.0.0.1#5353
-ipset=/.jjgirls.com/gfwlist
-server=/.jkforum.net/127.0.0.1#5353
-ipset=/.jkforum.net/gfwlist
-server=/.jma.go.jp/127.0.0.1#5353
-ipset=/.jma.go.jp/gfwlist
-server=/.joachims.org/127.0.0.1#5353
-ipset=/.joachims.org/gfwlist
-server=/.jobso.tv/127.0.0.1#5353
-ipset=/.jobso.tv/gfwlist
-server=/.joeedelman.com/127.0.0.1#5353
-ipset=/.joeedelman.com/gfwlist
-server=/.journalofdemocracy.org/127.0.0.1#5353
-ipset=/.journalofdemocracy.org/gfwlist
-server=/.jp.hao123.com/127.0.0.1#5353
-ipset=/.jp.hao123.com/gfwlist
-server=/.jpl.nasa.gov/127.0.0.1#5353
-ipset=/.jpl.nasa.gov/gfwlist
-server=/.jpopforum.net/127.0.0.1#5353
-ipset=/.jpopforum.net/gfwlist
-server=/.juhuaren.com/127.0.0.1#5353
-ipset=/.juhuaren.com/gfwlist
-server=/.juliepost.com/127.0.0.1#5353
-ipset=/.juliepost.com/gfwlist
-server=/.juliereyc.com/127.0.0.1#5353
-ipset=/.juliereyc.com/gfwlist
-server=/.junauza.com/127.0.0.1#5353
-ipset=/.junauza.com/gfwlist
-server=/.june4commemoration.org/127.0.0.1#5353
-ipset=/.june4commemoration.org/gfwlist
-server=/.junefourth-20.net/127.0.0.1#5353
-ipset=/.junefourth-20.net/gfwlist
-server=/.justfreevpn.com/127.0.0.1#5353
-ipset=/.justfreevpn.com/gfwlist
-server=/.justicefortenzin.org/127.0.0.1#5353
-ipset=/.justicefortenzin.org/gfwlist
-server=/.justpaste.it/127.0.0.1#5353
-ipset=/.justpaste.it/gfwlist
-server=/.justtristan.com/127.0.0.1#5353
-ipset=/.justtristan.com/gfwlist
-server=/.juyuange.org/127.0.0.1#5353
-ipset=/.juyuange.org/gfwlist
-server=/.juziyue.com/127.0.0.1#5353
-ipset=/.juziyue.com/gfwlist
-server=/.jwmusic.org/127.0.0.1#5353
-ipset=/.jwmusic.org/gfwlist
-server=/.jyxf.net/127.0.0.1#5353
-ipset=/.jyxf.net/gfwlist
-server=/.k2.xrea.com/127.0.0.1#5353
-ipset=/.k2.xrea.com/gfwlist
-server=/.kagyuoffice.org/127.0.0.1#5353
-ipset=/.kagyuoffice.org/gfwlist
-server=/.kaiyuan.de/127.0.0.1#5353
-ipset=/.kaiyuan.de/gfwlist
-server=/.kakao.com/127.0.0.1#5353
-ipset=/.kakao.com/gfwlist
-server=/.kanshifang.com/127.0.0.1#5353
-ipset=/.kanshifang.com/gfwlist
-server=/.kanzhongguo.com/127.0.0.1#5353
-ipset=/.kanzhongguo.com/gfwlist
-server=/.kanzhongguo.eu/127.0.0.1#5353
-ipset=/.kanzhongguo.eu/gfwlist
-server=/.karayou.com/127.0.0.1#5353
-ipset=/.karayou.com/gfwlist
-server=/.karkhung.com/127.0.0.1#5353
-ipset=/.karkhung.com/gfwlist
-server=/.karmapa-teachings.org/127.0.0.1#5353
-ipset=/.karmapa-teachings.org/gfwlist
-server=/.ka-wai.com/127.0.0.1#5353
-ipset=/.ka-wai.com/gfwlist
-server=/.kawaiikawaii.jp/127.0.0.1#5353
-ipset=/.kawaiikawaii.jp/gfwlist
-server=/.kba-tx.org/127.0.0.1#5353
-ipset=/.kba-tx.org/gfwlist
-server=/.kcsoftwares.com/127.0.0.1#5353
-ipset=/.kcsoftwares.com/gfwlist
-server=/.kebrum.com/127.0.0.1#5353
-ipset=/.kebrum.com/gfwlist
-server=/.kechara.com/127.0.0.1#5353
-ipset=/.kechara.com/gfwlist
-server=/.keepandshare.com/127.0.0.1#5353
-ipset=/.keepandshare.com/gfwlist
-server=/.keepvid.com/127.0.0.1#5353
-ipset=/.keepvid.com/gfwlist
-server=/.kendincos.net/127.0.0.1#5353
-ipset=/.kendincos.net/gfwlist
-server=/.kenengba.com/127.0.0.1#5353
-ipset=/.kenengba.com/gfwlist
-server=/.keontech.net/127.0.0.1#5353
-ipset=/.keontech.net/gfwlist
-server=/.kepard.com/127.0.0.1#5353
-ipset=/.kepard.com/gfwlist
-server=/.khabdha.org/127.0.0.1#5353
-ipset=/.khabdha.org/gfwlist
-server=/.killwall.com/127.0.0.1#5353
-ipset=/.killwall.com/gfwlist
-server=/.kindleren.com/127.0.0.1#5353
-ipset=/.kindleren.com/gfwlist
-server=/.kineox.free.fr/127.0.0.1#5353
-ipset=/.kineox.free.fr/gfwlist
-server=/.kingdomsalvation.org/127.0.0.1#5353
-ipset=/.kingdomsalvation.org/gfwlist
-server=/.kinghost.com/127.0.0.1#5353
-ipset=/.kinghost.com/gfwlist
-server=/.kir.jp/127.0.0.1#5353
-ipset=/.kir.jp/gfwlist
-server=/.kissbbao.cn/127.0.0.1#5353
-ipset=/.kissbbao.cn/gfwlist
-server=/.kiwi.kz/127.0.0.1#5353
-ipset=/.kiwi.kz/gfwlist
-server=/.knowledgerush.com/127.0.0.1#5353
-ipset=/.knowledgerush.com/gfwlist
-server=/.kodingen.com/127.0.0.1#5353
-ipset=/.kodingen.com/gfwlist
-server=/.kompozer.net/127.0.0.1#5353
-ipset=/.kompozer.net/gfwlist
-server=/.konachan.com/127.0.0.1#5353
-ipset=/.konachan.com/gfwlist
-server=/.koolsolutions.com/127.0.0.1#5353
-ipset=/.koolsolutions.com/gfwlist
-server=/.koornk.com/127.0.0.1#5353
-ipset=/.koornk.com/gfwlist
-server=/.kui.name/127.0.0.1#5353
-ipset=/.kui.name/gfwlist
-server=/.kuliwang.com/127.0.0.1#5353
-ipset=/.kuliwang.com/gfwlist
-server=/.kun.im/127.0.0.1#5353
-ipset=/.kun.im/gfwlist
-server=/.kurashsultan.com/127.0.0.1#5353
-ipset=/.kurashsultan.com/gfwlist
-server=/.kurtmunger.com/127.0.0.1#5353
-ipset=/.kurtmunger.com/gfwlist
-server=/.kusocity.com/127.0.0.1#5353
-ipset=/.kusocity.com/gfwlist
-server=/.kwcg.ca/127.0.0.1#5353
-ipset=/.kwcg.ca/gfwlist
-server=/.kwongwah.com.my/127.0.0.1#5353
-ipset=/.kwongwah.com.my/gfwlist
-server=/.kyohk.net/127.0.0.1#5353
-ipset=/.kyohk.net/gfwlist
-server=/.kzeng.info/127.0.0.1#5353
-ipset=/.kzeng.info/gfwlist
-server=/.labiennale.org/127.0.0.1#5353
-ipset=/.labiennale.org/gfwlist
-server=/.ladbrokes.com/127.0.0.1#5353
-ipset=/.ladbrokes.com/gfwlist
-server=/.la-forum.org/127.0.0.1#5353
-ipset=/.la-forum.org/gfwlist
-server=/.lagranepoca.com/127.0.0.1#5353
-ipset=/.lagranepoca.com/gfwlist
-server=/.lalulalu.com/127.0.0.1#5353
-ipset=/.lalulalu.com/gfwlist
-server=/.lamnia.co.uk/127.0.0.1#5353
-ipset=/.lamnia.co.uk/gfwlist
-server=/.lamrim.com/127.0.0.1#5353
-ipset=/.lamrim.com/gfwlist
-server=/.lantosfoundation.org/127.0.0.1#5353
-ipset=/.lantosfoundation.org/gfwlist
-server=/.laogai.org/127.0.0.1#5353
-ipset=/.laogai.org/gfwlist
-server=/.laomiu.com/127.0.0.1#5353
-ipset=/.laomiu.com/gfwlist
-server=/.laoyang.info/127.0.0.1#5353
-ipset=/.laoyang.info/gfwlist
-server=/.laptoplockdown.com/127.0.0.1#5353
-ipset=/.laptoplockdown.com/gfwlist
-server=/.laqingdan.net/127.0.0.1#5353
-ipset=/.laqingdan.net/gfwlist
-server=/.larsgeorge.com/127.0.0.1#5353
-ipset=/.larsgeorge.com/gfwlist
-server=/.lastfm.es/127.0.0.1#5353
-ipset=/.lastfm.es/gfwlist
-server=/.latelinenews.com/127.0.0.1#5353
-ipset=/.latelinenews.com/gfwlist
-server=/.latibet.org/127.0.0.1#5353
-ipset=/.latibet.org/gfwlist
-server=/.lazarsearlymusic.com/127.0.0.1#5353
-ipset=/.lazarsearlymusic.com/gfwlist
-server=/.ld.hao123img.com/127.0.0.1#5353
-ipset=/.ld.hao123img.com/gfwlist
-server=/.leecheukyan.org/127.0.0.1#5353
-ipset=/.leecheukyan.org/gfwlist
-server=/.lefora.com/127.0.0.1#5353
-ipset=/.lefora.com/gfwlist
-server=/.left21.hk/127.0.0.1#5353
-ipset=/.left21.hk/gfwlist
-server=/.legaltech.law.com/127.0.0.1#5353
-ipset=/.legaltech.law.com/gfwlist
-server=/.leirentv.ca/127.0.0.1#5353
-ipset=/.leirentv.ca/gfwlist
-server=/.leisurecafe.ca/127.0.0.1#5353
-ipset=/.leisurecafe.ca/gfwlist
-server=/.lematin.ch/127.0.0.1#5353
-ipset=/.lematin.ch/gfwlist
-server=/.lemonde.fr/127.0.0.1#5353
-ipset=/.lemonde.fr/gfwlist
-server=/.lenwhite.com/127.0.0.1#5353
-ipset=/.lenwhite.com/gfwlist
-server=/.lerosua.org/127.0.0.1#5353
-ipset=/.lerosua.org/gfwlist
-server=/.lesoir.be/127.0.0.1#5353
-ipset=/.lesoir.be/gfwlist
-server=/.lesscss.org/127.0.0.1#5353
-ipset=/.lesscss.org/gfwlist
-server=/.letscorp.net/127.0.0.1#5353
-ipset=/.letscorp.net/gfwlist
-server=/.le-vpn.com/127.0.0.1#5353
-ipset=/.le-vpn.com/gfwlist
-server=/.liangyou.net/127.0.0.1#5353
-ipset=/.liangyou.net/gfwlist
-server=/.lianyue.net/127.0.0.1#5353
-ipset=/.lianyue.net/gfwlist
-server=/.liaowangxizang.net/127.0.0.1#5353
-ipset=/.liaowangxizang.net/gfwlist
-server=/.liberal.org.hk/127.0.0.1#5353
-ipset=/.liberal.org.hk/gfwlist
-server=/.library.usc.cuhk.edu.hk/127.0.0.1#5353
-ipset=/.library.usc.cuhk.edu.hk/gfwlist
-server=/.lidecheng.com/127.0.0.1#5353
-ipset=/.lidecheng.com/gfwlist
-server=/.like.com/127.0.0.1#5353
-ipset=/.like.com/gfwlist
-server=/.limiao.net/127.0.0.1#5353
-ipset=/.limiao.net/gfwlist
-server=/.line.me/127.0.0.1#5353
-ipset=/.line.me/gfwlist
-server=/.linglingfa.com/127.0.0.1#5353
-ipset=/.linglingfa.com/gfwlist
-server=/.lingvodics.com/127.0.0.1#5353
-ipset=/.lingvodics.com/gfwlist
-server=/.linkideo.com/127.0.0.1#5353
-ipset=/.linkideo.com/gfwlist
-server=/.linkuswell.com/127.0.0.1#5353
-ipset=/.linkuswell.com/gfwlist
-server=/.linuxconfig.org/127.0.0.1#5353
-ipset=/.linuxconfig.org/gfwlist
-server=/.linux-engineer.net/127.0.0.1#5353
-ipset=/.linux-engineer.net/gfwlist
-server=/.linuxreviews.org/127.0.0.1#5353
-ipset=/.linuxreviews.org/gfwlist
-server=/.linuxtoy.org/127.0.0.1#5353
-ipset=/.linuxtoy.org/gfwlist
-server=/.lipuman.com/127.0.0.1#5353
-ipset=/.lipuman.com/gfwlist
-server=/.list.ly/127.0.0.1#5353
-ipset=/.list.ly/gfwlist
-server=/.listentoyoutube.com/127.0.0.1#5353
-ipset=/.listentoyoutube.com/gfwlist
-server=/.listorious.com/127.0.0.1#5353
-ipset=/.listorious.com/gfwlist
-server=/.lists.debian.org/127.0.0.1#5353
-ipset=/.lists.debian.org/gfwlist
-server=/.lists.w3.org/127.0.0.1#5353
-ipset=/.lists.w3.org/gfwlist
-server=/.liu.lu/127.0.0.1#5353
-ipset=/.liu.lu/gfwlist
-server=/.liudejun.com/127.0.0.1#5353
-ipset=/.liudejun.com/gfwlist
-server=/.liuhanyu.com/127.0.0.1#5353
-ipset=/.liuhanyu.com/gfwlist
-server=/.liujianshu.com/127.0.0.1#5353
-ipset=/.liujianshu.com/gfwlist
-server=/.liuxiaotong.com/127.0.0.1#5353
-ipset=/.liuxiaotong.com/gfwlist
-server=/.liveleak.com/127.0.0.1#5353
-ipset=/.liveleak.com/gfwlist
-server=/.livestation.com/127.0.0.1#5353
-ipset=/.livestation.com/gfwlist
-server=/.livestream.com/127.0.0.1#5353
-ipset=/.livestream.com/gfwlist
-server=/.livevideo.com/127.0.0.1#5353
-ipset=/.livevideo.com/gfwlist
-server=/.livingonline.us/127.0.0.1#5353
-ipset=/.livingonline.us/gfwlist
-server=/.livingstream.com/127.0.0.1#5353
-ipset=/.livingstream.com/gfwlist
-server=/.lizhizhuangbi.com/127.0.0.1#5353
-ipset=/.lizhizhuangbi.com/gfwlist
-server=/.lkcn.net/127.0.0.1#5353
-ipset=/.lkcn.net/gfwlist
-server=/.localdomain.ws/127.0.0.1#5353
-ipset=/.localdomain.ws/gfwlist
-server=/.localpresshk.com/127.0.0.1#5353
-ipset=/.localpresshk.com/gfwlist
-server=/.lockdown.com/127.0.0.1#5353
-ipset=/.lockdown.com/gfwlist
-server=/.lockestek.com/127.0.0.1#5353
-ipset=/.lockestek.com/gfwlist
-server=/.lofi.e-hentai.org/127.0.0.1#5353
-ipset=/.lofi.e-hentai.org/gfwlist
-server=/.log.riku.me/127.0.0.1#5353
-ipset=/.log.riku.me/gfwlist
-server=/.logbot.net/127.0.0.1#5353
-ipset=/.logbot.net/gfwlist
-server=/.logiqx.com/127.0.0.1#5353
-ipset=/.logiqx.com/gfwlist
-server=/.logmike.com/127.0.0.1#5353
-ipset=/.logmike.com/gfwlist
-server=/.londonchinese.ca/127.0.0.1#5353
-ipset=/.londonchinese.ca/gfwlist
-server=/.longhair.hk/127.0.0.1#5353
-ipset=/.longhair.hk/gfwlist
-server=/.longtermly.net/127.0.0.1#5353
-ipset=/.longtermly.net/gfwlist
-server=/.longtoes.com/127.0.0.1#5353
-ipset=/.longtoes.com/gfwlist
-server=/.lookatgame.com/127.0.0.1#5353
-ipset=/.lookatgame.com/gfwlist
-server=/.lookingglasstheatre.org/127.0.0.1#5353
-ipset=/.lookingglasstheatre.org/gfwlist
-server=/.lookpic.com/127.0.0.1#5353
-ipset=/.lookpic.com/gfwlist
-server=/.looktoronto.com/127.0.0.1#5353
-ipset=/.looktoronto.com/gfwlist
-server=/.lotsawahouse.org/127.0.0.1#5353
-ipset=/.lotsawahouse.org/gfwlist
-server=/.lotuslight.org.hk/127.0.0.1#5353
-ipset=/.lotuslight.org.hk/gfwlist
-server=/.lrfz.com/127.0.0.1#5353
-ipset=/.lrfz.com/gfwlist
-server=/.lrip.org/127.0.0.1#5353
-ipset=/.lrip.org/gfwlist
-server=/.lsd.org.hk/127.0.0.1#5353
-ipset=/.lsd.org.hk/gfwlist
-server=/.lsforum.net/127.0.0.1#5353
-ipset=/.lsforum.net/gfwlist
-server=/.lsm.org/127.0.0.1#5353
-ipset=/.lsm.org/gfwlist
-server=/.lsmchinese.org/127.0.0.1#5353
-ipset=/.lsmchinese.org/gfwlist
-server=/.lsmkorean.org/127.0.0.1#5353
-ipset=/.lsmkorean.org/gfwlist
-server=/.lsmradio.com/127.0.0.1#5353
-ipset=/.lsmradio.com/gfwlist
-server=/.lsmwebcast.com/127.0.0.1#5353
-ipset=/.lsmwebcast.com/gfwlist
-server=/.lsxszzg.com/127.0.0.1#5353
-ipset=/.lsxszzg.com/gfwlist
-server=/.luke54.com/127.0.0.1#5353
-ipset=/.luke54.com/gfwlist
-server=/.luke54.org/127.0.0.1#5353
-ipset=/.luke54.org/gfwlist
-server=/.lupm.org/127.0.0.1#5353
-ipset=/.lupm.org/gfwlist
-server=/.lushstories.com/127.0.0.1#5353
-ipset=/.lushstories.com/gfwlist
-server=/.lvhai.org/127.0.0.1#5353
-ipset=/.lvhai.org/gfwlist
-server=/.lvv2.com/127.0.0.1#5353
-ipset=/.lvv2.com/gfwlist
-server=/.m.plixi.com/127.0.0.1#5353
-ipset=/.m.plixi.com/gfwlist
-server=/.m.slandr.net/127.0.0.1#5353
-ipset=/.m.slandr.net/gfwlist
-server=/.ma.hao123.com/127.0.0.1#5353
-ipset=/.ma.hao123.com/gfwlist
-server=/.macgamestore.com/127.0.0.1#5353
-ipset=/.macgamestore.com/gfwlist
-server=/.mad-ar.ch/127.0.0.1#5353
-ipset=/.mad-ar.ch/gfwlist
-server=/.madonna-av.com/127.0.0.1#5353
-ipset=/.madonna-av.com/gfwlist
-server=/.magic-net.info/127.0.0.1#5353
-ipset=/.magic-net.info/gfwlist
-server=/.mahabodhi.org/127.0.0.1#5353
-ipset=/.mahabodhi.org/gfwlist
-server=/.maiio.net/127.0.0.1#5353
-ipset=/.maiio.net/gfwlist
-server=/.mail-archive.com/127.0.0.1#5353
-ipset=/.mail-archive.com/gfwlist
-server=/.maiplus.com/127.0.0.1#5353
-ipset=/.maiplus.com/gfwlist
-server=/.makemymood.com/127.0.0.1#5353
-ipset=/.makemymood.com/gfwlist
-server=/.makzhou.warehouse333.com/127.0.0.1#5353
-ipset=/.makzhou.warehouse333.com/gfwlist
-server=/.malaysiakini.com/127.0.0.1#5353
-ipset=/.malaysiakini.com/gfwlist
-server=/.manicur4ik.ru/127.0.0.1#5353
-ipset=/.manicur4ik.ru/gfwlist
-server=/.marc.info/127.0.0.1#5353
-ipset=/.marc.info/gfwlist
-server=/.marguerite.su/127.0.0.1#5353
-ipset=/.marguerite.su/gfwlist
-server=/.marines.mil/127.0.0.1#5353
-ipset=/.marines.mil/gfwlist
-server=/.markmail.org/127.0.0.1#5353
-ipset=/.markmail.org/gfwlist
-server=/.markmilian.com/127.0.0.1#5353
-ipset=/.markmilian.com/gfwlist
-server=/.martau.com/127.0.0.1#5353
-ipset=/.martau.com/gfwlist
-server=/.martincartoons.com/127.0.0.1#5353
-ipset=/.martincartoons.com/gfwlist
-server=/.martsangkagyuofficial.org/127.0.0.1#5353
-ipset=/.martsangkagyuofficial.org/gfwlist
-server=/.maruta.be/127.0.0.1#5353
-ipset=/.maruta.be/gfwlist
-server=/.marxist.com/127.0.0.1#5353
-ipset=/.marxist.com/gfwlist
-server=/.marxist.net/127.0.0.1#5353
-ipset=/.marxist.net/gfwlist
-server=/.marxists.org/127.0.0.1#5353
-ipset=/.marxists.org/gfwlist
-server=/.mash.to/127.0.0.1#5353
-ipset=/.mash.to/gfwlist
-server=/.maskedip.com/127.0.0.1#5353
-ipset=/.maskedip.com/gfwlist
-server=/.matainja.com/127.0.0.1#5353
-ipset=/.matainja.com/gfwlist
-server=/.mathable.io/127.0.0.1#5353
-ipset=/.mathable.io/gfwlist
-server=/.mathiew-badimon.com/127.0.0.1#5353
-ipset=/.mathiew-badimon.com/gfwlist
-server=/.matsushimakaede.com/127.0.0.1#5353
-ipset=/.matsushimakaede.com/gfwlist
-server=/.maturejp.com/127.0.0.1#5353
-ipset=/.maturejp.com/gfwlist
-server=/.maxgif.com/127.0.0.1#5353
-ipset=/.maxgif.com/gfwlist
-server=/.maxing.jp/127.0.0.1#5353
-ipset=/.maxing.jp/gfwlist
-server=/.mayimayi.com/127.0.0.1#5353
-ipset=/.mayimayi.com/gfwlist
-server=/.mcadforums.com/127.0.0.1#5353
-ipset=/.mcadforums.com/gfwlist
-server=/.mcfog.com/127.0.0.1#5353
-ipset=/.mcfog.com/gfwlist
-server=/.mcreasite.com/127.0.0.1#5353
-ipset=/.mcreasite.com/gfwlist
-server=/.md-t.org/127.0.0.1#5353
-ipset=/.md-t.org/gfwlist
-server=/.mediafire.com/127.0.0.1#5353
-ipset=/.mediafire.com/gfwlist
-server=/.mediafreakcity.com/127.0.0.1#5353
-ipset=/.mediafreakcity.com/gfwlist
-server=/.meetup.com/127.0.0.1#5353
-ipset=/.meetup.com/gfwlist
-server=/.mefeedia.com/127.0.0.1#5353
-ipset=/.mefeedia.com/gfwlist
-server=/.megaporn.com/127.0.0.1#5353
-ipset=/.megaporn.com/gfwlist
-server=/.megaproxy.com/127.0.0.1#5353
-ipset=/.megaproxy.com/gfwlist
-server=/.megarotic.com/127.0.0.1#5353
-ipset=/.megarotic.com/gfwlist
-server=/.megavideo.com/127.0.0.1#5353
-ipset=/.megavideo.com/gfwlist
-server=/.megurineluka.com/127.0.0.1#5353
-ipset=/.megurineluka.com/gfwlist
-server=/.meirixiaochao.com/127.0.0.1#5353
-ipset=/.meirixiaochao.com/gfwlist
-server=/.melon-peach.com/127.0.0.1#5353
-ipset=/.melon-peach.com/gfwlist
-server=/.meme.yahoo.com/127.0.0.1#5353
-ipset=/.meme.yahoo.com/gfwlist
-server=/.memedia.cn/127.0.0.1#5353
-ipset=/.memedia.cn/gfwlist
-server=/.memehk.com/127.0.0.1#5353
-ipset=/.memehk.com/gfwlist
-server=/.memorybbs.com/127.0.0.1#5353
-ipset=/.memorybbs.com/gfwlist
-server=/.memrijttm.org/127.0.0.1#5353
-ipset=/.memrijttm.org/gfwlist
-server=/.mercyprophet.org/127.0.0.1#5353
-ipset=/.mercyprophet.org/gfwlist
-server=/.meshrep.com/127.0.0.1#5353
-ipset=/.meshrep.com/gfwlist
-server=/.mesotw.com/127.0.0.1#5353
-ipset=/.mesotw.com/gfwlist
-server=/.metacafe.com/127.0.0.1#5353
-ipset=/.metacafe.com/gfwlist
-server=/.metarthunter.com/127.0.0.1#5353
-ipset=/.metarthunter.com/gfwlist
-server=/.meteorshowersonline.com/127.0.0.1#5353
-ipset=/.meteorshowersonline.com/gfwlist
-server=/.metrolife.ca/127.0.0.1#5353
-ipset=/.metrolife.ca/gfwlist
-server=/.metroradio.com.hk/127.0.0.1#5353
-ipset=/.metroradio.com.hk/gfwlist
-server=/.meyou.jp/127.0.0.1#5353
-ipset=/.meyou.jp/gfwlist
-server=/.mfxmedia.com/127.0.0.1#5353
-ipset=/.mfxmedia.com/gfwlist
-server=/.mgoon.com/127.0.0.1#5353
-ipset=/.mgoon.com/gfwlist
-server=/.mgstage.com/127.0.0.1#5353
-ipset=/.mgstage.com/gfwlist
-server=/.mh4u.org/127.0.0.1#5353
-ipset=/.mh4u.org/gfwlist
-server=/.mhradio.org/127.0.0.1#5353
-ipset=/.mhradio.org/gfwlist
-server=/.michaelanti.com/127.0.0.1#5353
-ipset=/.michaelanti.com/gfwlist
-server=/.michaelmarketl.com/127.0.0.1#5353
-ipset=/.michaelmarketl.com/gfwlist
-server=/.middle-way.net/127.0.0.1#5353
-ipset=/.middle-way.net/gfwlist
-server=/.mihk.hk/127.0.0.1#5353
-ipset=/.mihk.hk/gfwlist
-server=/.mihua.org/127.0.0.1#5353
-ipset=/.mihua.org/gfwlist
-server=/.mike.cz.cc/127.0.0.1#5353
-ipset=/.mike.cz.cc/gfwlist
-server=/.mimivip.com/127.0.0.1#5353
-ipset=/.mimivip.com/gfwlist
-server=/.mimivv.com/127.0.0.1#5353
-ipset=/.mimivv.com/gfwlist
-server=/.mindrolling.org/127.0.0.1#5353
-ipset=/.mindrolling.org/gfwlist
-server=/.minghui.or.kr/127.0.0.1#5353
-ipset=/.minghui.or.kr/gfwlist
-server=/.minghui.org/127.0.0.1#5353
-ipset=/.minghui.org/gfwlist
-server=/.minghui-a.org/127.0.0.1#5353
-ipset=/.minghui-a.org/gfwlist
-server=/.minghui-b.org/127.0.0.1#5353
-ipset=/.minghui-b.org/gfwlist
-server=/.minghui-school.org/127.0.0.1#5353
-ipset=/.minghui-school.org/gfwlist
-server=/.mingjinglishi.com/127.0.0.1#5353
-ipset=/.mingjinglishi.com/gfwlist
-server=/.mingjingnews.com/127.0.0.1#5353
-ipset=/.mingjingnews.com/gfwlist
-server=/.mingjingtimes.com/127.0.0.1#5353
-ipset=/.mingjingtimes.com/gfwlist
-server=/.mingpao.com/127.0.0.1#5353
-ipset=/.mingpao.com/gfwlist
-server=/.mingpaocanada.com/127.0.0.1#5353
-ipset=/.mingpaocanada.com/gfwlist
-server=/.mingpaomonthly.com/127.0.0.1#5353
-ipset=/.mingpaomonthly.com/gfwlist
-server=/.mingpaonews.com/127.0.0.1#5353
-ipset=/.mingpaonews.com/gfwlist
-server=/.mingpaony.com/127.0.0.1#5353
-ipset=/.mingpaony.com/gfwlist
-server=/.mingpaosf.com/127.0.0.1#5353
-ipset=/.mingpaosf.com/gfwlist
-server=/.mingpaotor.com/127.0.0.1#5353
-ipset=/.mingpaotor.com/gfwlist
-server=/.mingpaovan.com/127.0.0.1#5353
-ipset=/.mingpaovan.com/gfwlist
-server=/.mingshengbao.com/127.0.0.1#5353
-ipset=/.mingshengbao.com/gfwlist
-server=/.ministrybooks.org/127.0.0.1#5353
-ipset=/.ministrybooks.org/gfwlist
-server=/.minzhuhua.net/127.0.0.1#5353
-ipset=/.minzhuhua.net/gfwlist
-server=/.minzhuzhanxian.com/127.0.0.1#5353
-ipset=/.minzhuzhanxian.com/gfwlist
-server=/.minzhuzhongguo.org/127.0.0.1#5353
-ipset=/.minzhuzhongguo.org/gfwlist
-server=/.miroguide.com/127.0.0.1#5353
-ipset=/.miroguide.com/gfwlist
-server=/.mirrorbooks.com/127.0.0.1#5353
-ipset=/.mirrorbooks.com/gfwlist
-server=/.mitbbs.com/127.0.0.1#5353
-ipset=/.mitbbs.com/gfwlist
-server=/.mixero.com/127.0.0.1#5353
-ipset=/.mixero.com/gfwlist
-server=/.mixpod.com/127.0.0.1#5353
-ipset=/.mixpod.com/gfwlist
-server=/.mixx.com/127.0.0.1#5353
-ipset=/.mixx.com/gfwlist
-server=/.mizzmona.com/127.0.0.1#5353
-ipset=/.mizzmona.com/gfwlist
-server=/.mjlsh.usc.cuhk.edu.hk/127.0.0.1#5353
-ipset=/.mjlsh.usc.cuhk.edu.hk/gfwlist
-server=/.mk5000.com/127.0.0.1#5353
-ipset=/.mk5000.com/gfwlist
-server=/.mlcool.com/127.0.0.1#5353
-ipset=/.mlcool.com/gfwlist
-server=/.mmaaxx.com/127.0.0.1#5353
-ipset=/.mmaaxx.com/gfwlist
-server=/.mmmca.com/127.0.0.1#5353
-ipset=/.mmmca.com/gfwlist
-server=/.mobatek.net/127.0.0.1#5353
-ipset=/.mobatek.net/gfwlist
-server=/.mobile01.com/127.0.0.1#5353
-ipset=/.mobile01.com/gfwlist
-server=/.mobileways.de/127.0.0.1#5353
-ipset=/.mobileways.de/gfwlist
-server=/.moby.to/127.0.0.1#5353
-ipset=/.moby.to/gfwlist
-server=/.mobypicture.com/127.0.0.1#5353
-ipset=/.mobypicture.com/gfwlist
-server=/.mog.com/127.0.0.1#5353
-ipset=/.mog.com/gfwlist
-server=/.molihua.org/127.0.0.1#5353
-ipset=/.molihua.org/gfwlist
-server=/.mondex.org/127.0.0.1#5353
-ipset=/.mondex.org/gfwlist
-server=/.monitorchina.org/127.0.0.1#5353
-ipset=/.monitorchina.org/gfwlist
-server=/.monster.com/127.0.0.1#5353
-ipset=/.monster.com/gfwlist
-server=/.moodyz.com/127.0.0.1#5353
-ipset=/.moodyz.com/gfwlist
-server=/.moonbbs.com/127.0.0.1#5353
-ipset=/.moonbbs.com/gfwlist
-server=/.morningsun.org/127.0.0.1#5353
-ipset=/.morningsun.org/gfwlist
-server=/.moroneta.com/127.0.0.1#5353
-ipset=/.moroneta.com/gfwlist
-server=/.moviefap.com/127.0.0.1#5353
-ipset=/.moviefap.com/gfwlist
-server=/.mp3ye.eu/127.0.0.1#5353
-ipset=/.mp3ye.eu/gfwlist
-server=/.mpettis.com/127.0.0.1#5353
-ipset=/.mpettis.com/gfwlist
-server=/.mpfinance.com/127.0.0.1#5353
-ipset=/.mpfinance.com/gfwlist
-server=/.mpinews.com/127.0.0.1#5353
-ipset=/.mpinews.com/gfwlist
-server=/.mrdoob.com/127.0.0.1#5353
-ipset=/.mrdoob.com/gfwlist
-server=/.mrtweet.com/127.0.0.1#5353
-ipset=/.mrtweet.com/gfwlist
-server=/.msguancha.com/127.0.0.1#5353
-ipset=/.msguancha.com/gfwlist
-server=/.mswe1.org/127.0.0.1#5353
-ipset=/.mswe1.org/gfwlist
-server=/.m-team.cc/127.0.0.1#5353
-ipset=/.m-team.cc/gfwlist
-server=/.mthruf.com/127.0.0.1#5353
-ipset=/.mthruf.com/gfwlist
-server=/.mtw.tl/127.0.0.1#5353
-ipset=/.mtw.tl/gfwlist
-server=/.mullvad.net/127.0.0.1#5353
-ipset=/.mullvad.net/gfwlist
-server=/.multiply.com/127.0.0.1#5353
-ipset=/.multiply.com/gfwlist
-server=/.multiproxy.org/127.0.0.1#5353
-ipset=/.multiproxy.org/gfwlist
-server=/.multiupload.com/127.0.0.1#5353
-ipset=/.multiupload.com/gfwlist
-server=/.muouju.com/127.0.0.1#5353
-ipset=/.muouju.com/gfwlist
-server=/.muselinks.co.jp/127.0.0.1#5353
-ipset=/.muselinks.co.jp/gfwlist
-server=/.muzi.com/127.0.0.1#5353
-ipset=/.muzi.com/gfwlist
-server=/.muzi.net/127.0.0.1#5353
-ipset=/.muzi.net/gfwlist
-server=/.muzu.tv/127.0.0.1#5353
-ipset=/.muzu.tv/gfwlist
-server=/.mvg.jp/127.0.0.1#5353
-ipset=/.mvg.jp/gfwlist
-server=/.mx.hao123.com/127.0.0.1#5353
-ipset=/.mx.hao123.com/gfwlist
-server=/.mx981.com/127.0.0.1#5353
-ipset=/.mx981.com/gfwlist
-server=/.my.mail.ru/127.0.0.1#5353
-ipset=/.my.mail.ru/gfwlist
-server=/.my.opera.com/127.0.0.1#5353
-ipset=/.my.opera.com/gfwlist
-server=/.myactimes.com/127.0.0.1#5353
-ipset=/.myactimes.com/gfwlist
-server=/.my-addr.com/127.0.0.1#5353
-ipset=/.my-addr.com/gfwlist
-server=/.myaudiocast.com/127.0.0.1#5353
-ipset=/.myaudiocast.com/gfwlist
-server=/.mychinamyhome.com/127.0.0.1#5353
-ipset=/.mychinamyhome.com/gfwlist
-server=/.mychinanews.com/127.0.0.1#5353
-ipset=/.mychinanews.com/gfwlist
-server=/.myeclipseide.com/127.0.0.1#5353
-ipset=/.myeclipseide.com/gfwlist
-server=/.myforum.com.hk/127.0.0.1#5353
-ipset=/.myforum.com.hk/gfwlist
-server=/.myforum.com.uk/127.0.0.1#5353
-ipset=/.myforum.com.uk/gfwlist
-server=/.myfreshnet.com/127.0.0.1#5353
-ipset=/.myfreshnet.com/gfwlist
-server=/.mymediarom.com/127.0.0.1#5353
-ipset=/.mymediarom.com/gfwlist
-server=/.myopenid.com/127.0.0.1#5353
-ipset=/.myopenid.com/gfwlist
-server=/.myparagliding.com/127.0.0.1#5353
-ipset=/.myparagliding.com/gfwlist
-server=/.mypopescu.com/127.0.0.1#5353
-ipset=/.mypopescu.com/gfwlist
-server=/.my-private-network.co.uk/127.0.0.1#5353
-ipset=/.my-private-network.co.uk/gfwlist
-server=/.my-proxy.com/127.0.0.1#5353
-ipset=/.my-proxy.com/gfwlist
-server=/.mysinablog.com/127.0.0.1#5353
-ipset=/.mysinablog.com/gfwlist
-server=/.mysite.verizon.net/127.0.0.1#5353
-ipset=/.mysite.verizon.net/gfwlist
-server=/.myspace.com/127.0.0.1#5353
-ipset=/.myspace.com/gfwlist
-server=/.naacoalition.org/127.0.0.1#5353
-ipset=/.naacoalition.org/gfwlist
-server=/.naitik.net/127.0.0.1#5353
-ipset=/.naitik.net/gfwlist
-server=/.nakido.com/127.0.0.1#5353
-ipset=/.nakido.com/gfwlist
-server=/.namsisi.com/127.0.0.1#5353
-ipset=/.namsisi.com/gfwlist
-server=/.nanyang.com/127.0.0.1#5353
-ipset=/.nanyang.com/gfwlist
-server=/.nanyangpost.com/127.0.0.1#5353
-ipset=/.nanyangpost.com/gfwlist
-server=/.nanzao.com/127.0.0.1#5353
-ipset=/.nanzao.com/gfwlist
-server=/.naol.ca/127.0.0.1#5353
-ipset=/.naol.ca/gfwlist
-server=/.national-lottery.co.uk/127.0.0.1#5353
-ipset=/.national-lottery.co.uk/gfwlist
-server=/.nationsonline.org/127.0.0.1#5353
-ipset=/.nationsonline.org/gfwlist
-server=/.naughtyamerica.com/127.0.0.1#5353
-ipset=/.naughtyamerica.com/gfwlist
-server=/.navicat.com/127.0.0.1#5353
-ipset=/.navicat.com/gfwlist
-server=/.ncn.org/127.0.0.1#5353
-ipset=/.ncn.org/gfwlist
-server=/.nde.de/127.0.0.1#5353
-ipset=/.nde.de/gfwlist
-server=/.ndr.de/127.0.0.1#5353
-ipset=/.ndr.de/gfwlist
-server=/.ned.org/127.0.0.1#5353
-ipset=/.ned.org/gfwlist
-server=/.nekoslovakia.net/127.0.0.1#5353
-ipset=/.nekoslovakia.net/gfwlist
-server=/.nemesis2.qx.net/127.0.0.1#5353
-ipset=/.nemesis2.qx.net/gfwlist
-server=/.netbirds.com/127.0.0.1#5353
-ipset=/.netbirds.com/gfwlist
-server=/.netcolony.com/127.0.0.1#5353
-ipset=/.netcolony.com/gfwlist
-server=/.netflix.com/127.0.0.1#5353
-ipset=/.netflix.com/gfwlist
-server=/.netme.cc/127.0.0.1#5353
-ipset=/.netme.cc/gfwlist
-server=/.netsneak.com/127.0.0.1#5353
-ipset=/.netsneak.com/gfwlist
-server=/.network54.com/127.0.0.1#5353
-ipset=/.network54.com/gfwlist
-server=/.networkedblogs.com/127.0.0.1#5353
-ipset=/.networkedblogs.com/gfwlist
-server=/.neverforget8964.org/127.0.0.1#5353
-ipset=/.neverforget8964.org/gfwlist
-server=/.new-3lunch.net/127.0.0.1#5353
-ipset=/.new-3lunch.net/gfwlist
-server=/.new96.ca/127.0.0.1#5353
-ipset=/.new96.ca/gfwlist
-server=/.new-akiba.com/127.0.0.1#5353
-ipset=/.new-akiba.com/gfwlist
-server=/.newcenturymc.com/127.0.0.1#5353
-ipset=/.newcenturymc.com/gfwlist
-server=/.newcenturynews.com/127.0.0.1#5353
-ipset=/.newcenturynews.com/gfwlist
-server=/.newchen.com/127.0.0.1#5353
-ipset=/.newchen.com/gfwlist
-server=/.newgrounds.com/127.0.0.1#5353
-ipset=/.newgrounds.com/gfwlist
-server=/.newlandmagazine.com.au/127.0.0.1#5353
-ipset=/.newlandmagazine.com.au/gfwlist
-server=/.news.bbc.co.uk/127.0.0.1#5353
-ipset=/.news.bbc.co.uk/gfwlist
-server=/.news.cnyes.com/127.0.0.1#5353
-ipset=/.news.cnyes.com/gfwlist
-server=/.news.hkpeanut.com/127.0.0.1#5353
-ipset=/.news.hkpeanut.com/gfwlist
-server=/.news.now.com/127.0.0.1#5353
-ipset=/.news.now.com/gfwlist
-server=/.news.omy.sg/127.0.0.1#5353
-ipset=/.news.omy.sg/gfwlist
-server=/.news.sina.com.hk/127.0.0.1#5353
-ipset=/.news.sina.com.hk/gfwlist
-server=/.news.sinchew.com.my/127.0.0.1#5353
-ipset=/.news.sinchew.com.my/gfwlist
-server=/.news.singtao.ca/127.0.0.1#5353
-ipset=/.news.singtao.ca/gfwlist
-server=/.news.tvb.com/127.0.0.1#5353
-ipset=/.news.tvb.com/gfwlist
-server=/.newsancai.com/127.0.0.1#5353
-ipset=/.newsancai.com/gfwlist
-server=/.newscn.org/127.0.0.1#5353
-ipset=/.newscn.org/gfwlist
-server=/.newsdh.com/127.0.0.1#5353
-ipset=/.newsdh.com/gfwlist
-server=/.newsforums.bbc.co.uk/127.0.0.1#5353
-ipset=/.newsforums.bbc.co.uk/gfwlist
-server=/.newsminer.com/127.0.0.1#5353
-ipset=/.newsminer.com/gfwlist
-server=/.newspeak.cc/127.0.0.1#5353
-ipset=/.newspeak.cc/gfwlist
-server=/.newstapa.org/127.0.0.1#5353
-ipset=/.newstapa.org/gfwlist
-server=/.newstarnet.com/127.0.0.1#5353
-ipset=/.newstarnet.com/gfwlist
-server=/.newyorktimes.com/127.0.0.1#5353
-ipset=/.newyorktimes.com/gfwlist
-server=/.nexon.com/127.0.0.1#5353
-ipset=/.nexon.com/gfwlist
-server=/.nextmedia.com/127.0.0.1#5353
-ipset=/.nextmedia.com/gfwlist
-server=/.nexton-net.jp/127.0.0.1#5353
-ipset=/.nexton-net.jp/gfwlist
-server=/.nf.id.au/127.0.0.1#5353
-ipset=/.nf.id.au/gfwlist
-server=/.nga.mil/127.0.0.1#5353
-ipset=/.nga.mil/gfwlist
-server=/.ngensis.com/127.0.0.1#5353
-ipset=/.ngensis.com/gfwlist
-server=/.nhentai.net/127.0.0.1#5353
-ipset=/.nhentai.net/gfwlist
-server=/.nic.cz.cc/127.0.0.1#5353
-ipset=/.nic.cz.cc/gfwlist
-#server=/.nic.google/127.0.0.1#5353
-#ipset=/.nic.google/gfwlist
-server=/.nicovideo.jp/127.0.0.1#5353
-ipset=/.nicovideo.jp/gfwlist
-server=/.nighost.org/127.0.0.1#5353
-ipset=/.nighost.org/gfwlist
-server=/.ninecommentaries.com/127.0.0.1#5353
-ipset=/.ninecommentaries.com/gfwlist
-server=/.nintendium.com/127.0.0.1#5353
-ipset=/.nintendium.com/gfwlist
-server=/.niusnews.com/127.0.0.1#5353
-ipset=/.niusnews.com/gfwlist
-server=/.njactb.org/127.0.0.1#5353
-ipset=/.njactb.org/gfwlist
-server=/.njuice.com/127.0.0.1#5353
-ipset=/.njuice.com/gfwlist
-server=/.nlfreevpn.com/127.0.0.1#5353
-ipset=/.nlfreevpn.com/gfwlist
-server=/.nobel.se/127.0.0.1#5353
-ipset=/.nobel.se/gfwlist
-server=/.nobelprize.org/127.0.0.1#5353
-ipset=/.nobelprize.org/gfwlist
-server=/.nobodycanstop.us/127.0.0.1#5353
-ipset=/.nobodycanstop.us/gfwlist
-server=/.nokogiri.org/127.0.0.1#5353
-ipset=/.nokogiri.org/gfwlist
-server=/.nokola.com/127.0.0.1#5353
-ipset=/.nokola.com/gfwlist
-server=/.noodlevpn.com/127.0.0.1#5353
-ipset=/.noodlevpn.com/gfwlist
-server=/.norbulingka.org/127.0.0.1#5353
-ipset=/.norbulingka.org/gfwlist
-server=/.nordstrom.com/127.0.0.1#5353
-ipset=/.nordstrom.com/gfwlist
-server=/.nordstromimage.com/127.0.0.1#5353
-ipset=/.nordstromimage.com/gfwlist
-server=/.nordvpn.com/127.0.0.1#5353
-ipset=/.nordvpn.com/gfwlist
-server=/.novelasia.com/127.0.0.1#5353
-ipset=/.novelasia.com/gfwlist
-server=/.nownews.com/127.0.0.1#5353
-ipset=/.nownews.com/gfwlist
-server=/.nowtorrents.com/127.0.0.1#5353
-ipset=/.nowtorrents.com/gfwlist
-server=/.noypf.com/127.0.0.1#5353
-ipset=/.noypf.com/gfwlist
-server=/.npa.go.jp/127.0.0.1#5353
-ipset=/.npa.go.jp/gfwlist
-server=/.nps.gov/127.0.0.1#5353
-ipset=/.nps.gov/gfwlist
-server=/.nrk.no/127.0.0.1#5353
-ipset=/.nrk.no/gfwlist
-server=/.ntd.tv/127.0.0.1#5353
-ipset=/.ntd.tv/gfwlist
-server=/.ntdtv.ca/127.0.0.1#5353
-ipset=/.ntdtv.ca/gfwlist
-server=/.ntdtv.co.kr/127.0.0.1#5353
-ipset=/.ntdtv.co.kr/gfwlist
-server=/.ntdtv.com/127.0.0.1#5353
-ipset=/.ntdtv.com/gfwlist
-server=/.ntdtv.cz/127.0.0.1#5353
-ipset=/.ntdtv.cz/gfwlist
-server=/.ntdtv.org/127.0.0.1#5353
-ipset=/.ntdtv.org/gfwlist
-server=/.ntdtv.ru/127.0.0.1#5353
-ipset=/.ntdtv.ru/gfwlist
-server=/.nubiles.net/127.0.0.1#5353
-ipset=/.nubiles.net/gfwlist
-server=/.nuexpo.com/127.0.0.1#5353
-ipset=/.nuexpo.com/gfwlist
-server=/.nurgo-software.com/127.0.0.1#5353
-ipset=/.nurgo-software.com/gfwlist
-server=/.nuuvem.com/127.0.0.1#5353
-ipset=/.nuuvem.com/gfwlist
-server=/.nuvid.com/127.0.0.1#5353
-ipset=/.nuvid.com/gfwlist
-server=/.nuzcom.com/127.0.0.1#5353
-ipset=/.nuzcom.com/gfwlist
-server=/.nvquan.org/127.0.0.1#5353
-ipset=/.nvquan.org/gfwlist
-server=/.nwtca.org/127.0.0.1#5353
-ipset=/.nwtca.org/gfwlist
-server=/.ny.visiontimes.com/127.0.0.1#5353
-ipset=/.ny.visiontimes.com/gfwlist
-server=/.nyaa.se/127.0.0.1#5353
-ipset=/.nyaa.se/gfwlist
-server=/.nydus.ca/127.0.0.1#5353
-ipset=/.nydus.ca/gfwlist
-server=/.nysingtao.com/127.0.0.1#5353
-ipset=/.nysingtao.com/gfwlist
-server=/.nyt.com/127.0.0.1#5353
-ipset=/.nyt.com/gfwlist
-server=/.nytco.com/127.0.0.1#5353
-ipset=/.nytco.com/gfwlist
-server=/.nyti.ms/127.0.0.1#5353
-ipset=/.nyti.ms/gfwlist
-server=/.nytimes.com/127.0.0.1#5353
-ipset=/.nytimes.com/gfwlist
-server=/.nytimg.com/127.0.0.1#5353
-ipset=/.nytimg.com/gfwlist
-server=/.nzchinese.net.nz/127.0.0.1#5353
-ipset=/.nzchinese.net.nz/gfwlist
-server=/.observechina.net/127.0.0.1#5353
-ipset=/.observechina.net/gfwlist
-server=/.ocaspro.com/127.0.0.1#5353
-ipset=/.ocaspro.com/gfwlist
-server=/.oclp.hk/127.0.0.1#5353
-ipset=/.oclp.hk/gfwlist
-server=/.october-review.org/127.0.0.1#5353
-ipset=/.october-review.org/gfwlist
-server=/.offbeatchina.com/127.0.0.1#5353
-ipset=/.offbeatchina.com/gfwlist
-server=/.officeoftibet.com/127.0.0.1#5353
-ipset=/.officeoftibet.com/gfwlist
-server=/.ogaoga.org/127.0.0.1#5353
-ipset=/.ogaoga.org/gfwlist
-server=/.oiktv.com/127.0.0.1#5353
-ipset=/.oiktv.com/gfwlist
-server=/.oizoblog.com/127.0.0.1#5353
-ipset=/.oizoblog.com/gfwlist
-server=/.okayfreedom.com/127.0.0.1#5353
-ipset=/.okayfreedom.com/gfwlist
-server=/.old.honeynet.org/127.0.0.1#5353
-ipset=/.old.honeynet.org/gfwlist
-server=/.old.nabble.com/127.0.0.1#5353
-ipset=/.old.nabble.com/gfwlist
-server=/.old-cat.net/127.0.0.1#5353
-ipset=/.old-cat.net/gfwlist
-server=/.olumpo.com/127.0.0.1#5353
-ipset=/.olumpo.com/gfwlist
-server=/.olympicwatch.org/127.0.0.1#5353
-ipset=/.olympicwatch.org/gfwlist
-server=/.omgili.com/127.0.0.1#5353
-ipset=/.omgili.com/gfwlist
-server=/.omnitalk.com/127.0.0.1#5353
-ipset=/.omnitalk.com/gfwlist
-server=/.omnitalk.org/127.0.0.1#5353
-ipset=/.omnitalk.org/gfwlist
-server=/.on.cc/127.0.0.1#5353
-ipset=/.on.cc/gfwlist
-server=/.one.xthost.info/127.0.0.1#5353
-ipset=/.one.xthost.info/gfwlist
-server=/.onedrive.live.com/127.0.0.1#5353
-ipset=/.onedrive.live.com/gfwlist
-server=/.online.recoveryversion.org/127.0.0.1#5353
-ipset=/.online.recoveryversion.org/gfwlist
-server=/.onlineyoutube.com/127.0.0.1#5353
-ipset=/.onlineyoutube.com/gfwlist
-server=/.onlylady.cn/127.0.0.1#5353
-ipset=/.onlylady.cn/gfwlist
-server=/.onmoon.com/127.0.0.1#5353
-ipset=/.onmoon.com/gfwlist
-server=/.onmoon.net/127.0.0.1#5353
-ipset=/.onmoon.net/gfwlist
-server=/.ontrac.com/127.0.0.1#5353
-ipset=/.ontrac.com/gfwlist
-server=/.oopsforum.com/127.0.0.1#5353
-ipset=/.oopsforum.com/gfwlist
-server=/.open.com.hk/127.0.0.1#5353
-ipset=/.open.com.hk/gfwlist
-server=/.openallweb.com/127.0.0.1#5353
-ipset=/.openallweb.com/gfwlist
-server=/.opendemocracy.net/127.0.0.1#5353
-ipset=/.opendemocracy.net/gfwlist
-server=/.openid.net/127.0.0.1#5353
-ipset=/.openid.net/gfwlist
-server=/.openleaks.org/127.0.0.1#5353
-ipset=/.openleaks.org/gfwlist
-server=/.openvpn.net/127.0.0.1#5353
-ipset=/.openvpn.net/gfwlist
-server=/.openwebster.com/127.0.0.1#5353
-ipset=/.openwebster.com/gfwlist
-server=/.opml.radiotime.com/127.0.0.1#5353
-ipset=/.opml.radiotime.com/gfwlist
-server=/.organharvestinvestigation.net/127.0.0.1#5353
-ipset=/.organharvestinvestigation.net/gfwlist
-server=/.orientaldaily.com.my/127.0.0.1#5353
-ipset=/.orientaldaily.com.my/gfwlist
-server=/.orient-doll.com/127.0.0.1#5353
-ipset=/.orient-doll.com/gfwlist
-server=/.orn.jp/127.0.0.1#5353
-ipset=/.orn.jp/gfwlist
-server=/.orzistic.org/127.0.0.1#5353
-ipset=/.orzistic.org/gfwlist
-server=/.osaka69.com/127.0.0.1#5353
-ipset=/.osaka69.com/gfwlist
-server=/.osfoora.com/127.0.0.1#5353
-ipset=/.osfoora.com/gfwlist
-server=/.otnd.org/127.0.0.1#5353
-ipset=/.otnd.org/gfwlist
-server=/.otto.de/127.0.0.1#5353
-ipset=/.otto.de/gfwlist
-server=/.ourdearamy.com/127.0.0.1#5353
-ipset=/.ourdearamy.com/gfwlist
-server=/.oursogo.com/127.0.0.1#5353
-ipset=/.oursogo.com/gfwlist
-server=/.oursteps.com.au/127.0.0.1#5353
-ipset=/.oursteps.com.au/gfwlist
-server=/.ourtv.hk/127.0.0.1#5353
-ipset=/.ourtv.hk/gfwlist
-server=/.overlapr.com/127.0.0.1#5353
-ipset=/.overlapr.com/gfwlist
-server=/.overplay.net/127.0.0.1#5353
-ipset=/.overplay.net/gfwlist
-server=/.ow.ly/127.0.0.1#5353
-ipset=/.ow.ly/gfwlist
-server=/.owl.li/127.0.0.1#5353
-ipset=/.owl.li/gfwlist
-server=/.oyax.com/127.0.0.1#5353
-ipset=/.oyax.com/gfwlist
-server=/.ozchinese.com/127.0.0.1#5353
-ipset=/.ozchinese.com/gfwlist
-server=/.ozxw.com/127.0.0.1#5353
-ipset=/.ozxw.com/gfwlist
-server=/.ozyoyo.com/127.0.0.1#5353
-ipset=/.ozyoyo.com/gfwlist
-server=/.pacificpoker.com/127.0.0.1#5353
-ipset=/.pacificpoker.com/gfwlist
-server=/.packages.debian.org/127.0.0.1#5353
-ipset=/.packages.debian.org/gfwlist
-server=/.packetix.net/127.0.0.1#5353
-ipset=/.packetix.net/gfwlist
-server=/.pacopacomama.com/127.0.0.1#5353
-ipset=/.pacopacomama.com/gfwlist
-server=/.padmanet.com/127.0.0.1#5353
-ipset=/.padmanet.com/gfwlist
-server=/.page.bid.yahoo.com/127.0.0.1#5353
-ipset=/.page.bid.yahoo.com/gfwlist
-server=/.page2rss.com/127.0.0.1#5353
-ipset=/.page2rss.com/gfwlist
-server=/.pagodabox.com/127.0.0.1#5353
-ipset=/.pagodabox.com/gfwlist
-server=/.paint.net/127.0.0.1#5353
-ipset=/.paint.net/gfwlist
-server=/.palacemoon.com/127.0.0.1#5353
-ipset=/.palacemoon.com/gfwlist
-server=/.paldengyal.com/127.0.0.1#5353
-ipset=/.paldengyal.com/gfwlist
-server=/.paljorpublications.com/127.0.0.1#5353
-ipset=/.paljorpublications.com/gfwlist
-server=/.panacom.co.jp/127.0.0.1#5353
-ipset=/.panacom.co.jp/gfwlist
-server=/.pandapow.net/127.0.0.1#5353
-ipset=/.pandapow.net/gfwlist
-server=/.pandavpn-jp.com/127.0.0.1#5353
-ipset=/.pandavpn-jp.com/gfwlist
-server=/.pandora.com/127.0.0.1#5353
-ipset=/.pandora.com/gfwlist
-server=/.pandora.tv/127.0.0.1#5353
-ipset=/.pandora.tv/gfwlist
-server=/.panluan.net/127.0.0.1#5353
-ipset=/.panluan.net/gfwlist
-server=/.panoramio.com/127.0.0.1#5353
-ipset=/.panoramio.com/gfwlist
-server=/.pao-pao.net/127.0.0.1#5353
-ipset=/.pao-pao.net/gfwlist
-server=/.paper.li/127.0.0.1#5353
-ipset=/.paper.li/gfwlist
-server=/.paperb.us/127.0.0.1#5353
-ipset=/.paperb.us/gfwlist
-server=/.passion.com/127.0.0.1#5353
-ipset=/.passion.com/gfwlist
-server=/.passiontimes.hk/127.0.0.1#5353
-ipset=/.passiontimes.hk/gfwlist
-server=/.pastebin.com/127.0.0.1#5353
-ipset=/.pastebin.com/gfwlist
-server=/.pastie.org/127.0.0.1#5353
-ipset=/.pastie.org/gfwlist
-server=/.pbs.org/127.0.0.1#5353
-ipset=/.pbs.org/gfwlist
-server=/.pbwiki.com/127.0.0.1#5353
-ipset=/.pbwiki.com/gfwlist
-server=/.pbworks.com/127.0.0.1#5353
-ipset=/.pbworks.com/gfwlist
-server=/.pbxes.com/127.0.0.1#5353
-ipset=/.pbxes.com/gfwlist
-server=/.pbxes.org/127.0.0.1#5353
-ipset=/.pbxes.org/gfwlist
-server=/.pcdiscuss.com/127.0.0.1#5353
-ipset=/.pcdiscuss.com/gfwlist
-server=/.pcij.org/127.0.0.1#5353
-ipset=/.pcij.org/gfwlist
-server=/.pdetails.com/127.0.0.1#5353
-ipset=/.pdetails.com/gfwlist
-server=/.pdproxy.com/127.0.0.1#5353
-ipset=/.pdproxy.com/gfwlist
-server=/.pds.nasa.gov/127.0.0.1#5353
-ipset=/.pds.nasa.gov/gfwlist
-server=/.peace.ca/127.0.0.1#5353
-ipset=/.peace.ca/gfwlist
-server=/.peacefire.org/127.0.0.1#5353
-ipset=/.peacefire.org/gfwlist
-server=/.peacehall.com/127.0.0.1#5353
-ipset=/.peacehall.com/gfwlist
-server=/.pearlher.org/127.0.0.1#5353
-ipset=/.pearlher.org/gfwlist
-server=/.peeasian.com/127.0.0.1#5353
-ipset=/.peeasian.com/gfwlist
-server=/.peerpong.com/127.0.0.1#5353
-ipset=/.peerpong.com/gfwlist
-server=/.pekingduck.org/127.0.0.1#5353
-ipset=/.pekingduck.org/gfwlist
-server=/.pemulihan.or.id/127.0.0.1#5353
-ipset=/.pemulihan.or.id/gfwlist
-server=/.pen.io/127.0.0.1#5353
-ipset=/.pen.io/gfwlist
-server=/.penchinese.com/127.0.0.1#5353
-ipset=/.penchinese.com/gfwlist
-server=/.penchinese.net/127.0.0.1#5353
-ipset=/.penchinese.net/gfwlist
-server=/.pengyulong.com/127.0.0.1#5353
-ipset=/.pengyulong.com/gfwlist
-server=/.penthouse.com/127.0.0.1#5353
-ipset=/.penthouse.com/gfwlist
-server=/.peopo.org/127.0.0.1#5353
-ipset=/.peopo.org/gfwlist
-server=/.percy.in/127.0.0.1#5353
-ipset=/.percy.in/gfwlist
-server=/.perfectgirls.net/127.0.0.1#5353
-ipset=/.perfectgirls.net/gfwlist
-server=/.perfectvpn.net/127.0.0.1#5353
-ipset=/.perfectvpn.net/gfwlist
-server=/.persecutionblog.com/127.0.0.1#5353
-ipset=/.persecutionblog.com/gfwlist
-server=/.pfd.org.hk/127.0.0.1#5353
-ipset=/.pfd.org.hk/gfwlist
-server=/.phayul.com/127.0.0.1#5353
-ipset=/.phayul.com/gfwlist
-server=/.philly.com/127.0.0.1#5353
-ipset=/.philly.com/gfwlist
-server=/.phncdn.com/127.0.0.1#5353
-ipset=/.phncdn.com/gfwlist
-server=/.photodharma.net/127.0.0.1#5353
-ipset=/.photodharma.net/gfwlist
-server=/.photofocus.com/127.0.0.1#5353
-ipset=/.photofocus.com/gfwlist
-server=/.phuquocservices.com/127.0.0.1#5353
-ipset=/.phuquocservices.com/gfwlist
-server=/.picasaweb.com/127.0.0.1#5353
-ipset=/.picasaweb.com/gfwlist
-server=/.picidae.net/127.0.0.1#5353
-ipset=/.picidae.net/gfwlist
-server=/.picturedip.com/127.0.0.1#5353
-ipset=/.picturedip.com/gfwlist
-server=/.pictures.playboy.com/127.0.0.1#5353
-ipset=/.pictures.playboy.com/gfwlist
-server=/.picturesocial.com/127.0.0.1#5353
-ipset=/.picturesocial.com/gfwlist
-server=/.pin6.com/127.0.0.1#5353
-ipset=/.pin6.com/gfwlist
-server=/.ping.fm/127.0.0.1#5353
-ipset=/.ping.fm/gfwlist
-server=/.pinoy-n.com/127.0.0.1#5353
-ipset=/.pinoy-n.com/gfwlist
-server=/.pioneer-worker.forums-free.com/127.0.0.1#5353
-ipset=/.pioneer-worker.forums-free.com/gfwlist
-server=/.piposay.com/127.0.0.1#5353
-ipset=/.piposay.com/gfwlist
-server=/.piring.com/127.0.0.1#5353
-ipset=/.piring.com/gfwlist
-server=/.pixelqi.com/127.0.0.1#5353
-ipset=/.pixelqi.com/gfwlist
-server=/.pixnet.net/127.0.0.1#5353
-ipset=/.pixnet.net/gfwlist
-server=/.pk.com/127.0.0.1#5353
-ipset=/.pk.com/gfwlist
-server=/.placemix.com/127.0.0.1#5353
-ipset=/.placemix.com/gfwlist
-server=/.playboy.com/127.0.0.1#5353
-ipset=/.playboy.com/gfwlist
-server=/.playboyplus.com/127.0.0.1#5353
-ipset=/.playboyplus.com/gfwlist
-server=/.playno1.com/127.0.0.1#5353
-ipset=/.playno1.com/gfwlist
-server=/.playpcesor.com/127.0.0.1#5353
-ipset=/.playpcesor.com/gfwlist
-server=/.plm.org.hk/127.0.0.1#5353
-ipset=/.plm.org.hk/gfwlist
-server=/.plunder.com/127.0.0.1#5353
-ipset=/.plunder.com/gfwlist
-server=/.plurktop.mmdays.com/127.0.0.1#5353
-ipset=/.plurktop.mmdays.com/gfwlist
-server=/.plus28.com/127.0.0.1#5353
-ipset=/.plus28.com/gfwlist
-server=/.plusbb.com/127.0.0.1#5353
-ipset=/.plusbb.com/gfwlist
-server=/.pmates.com/127.0.0.1#5353
-ipset=/.pmates.com/gfwlist
-server=/.po2b.com/127.0.0.1#5353
-ipset=/.po2b.com/gfwlist
-server=/.podictionary.com/127.0.0.1#5353
-ipset=/.podictionary.com/gfwlist
-server=/.politicalchina.org/127.0.0.1#5353
-ipset=/.politicalchina.org/gfwlist
-server=/.politicalconsultation.org/127.0.0.1#5353
-ipset=/.politicalconsultation.org/gfwlist
-server=/.polymerhk.com/127.0.0.1#5353
-ipset=/.polymerhk.com/gfwlist
-server=/.polymer-project.org/127.0.0.1#5353
-ipset=/.polymer-project.org/gfwlist
-server=/.popvote.hk/127.0.0.1#5353
-ipset=/.popvote.hk/gfwlist
-server=/.popyard.com/127.0.0.1#5353
-ipset=/.popyard.com/gfwlist
-server=/.popyard.org/127.0.0.1#5353
-ipset=/.popyard.org/gfwlist
-server=/.porn.com/127.0.0.1#5353
-ipset=/.porn.com/gfwlist
-server=/.porn2.com/127.0.0.1#5353
-ipset=/.porn2.com/gfwlist
-server=/.pornbase.org/127.0.0.1#5353
-ipset=/.pornbase.org/gfwlist
-server=/.pornhd.com/127.0.0.1#5353
-ipset=/.pornhd.com/gfwlist
-server=/.pornhost.com/127.0.0.1#5353
-ipset=/.pornhost.com/gfwlist
-server=/.pornhub.com/127.0.0.1#5353
-ipset=/.pornhub.com/gfwlist
-server=/.pornmm.net/127.0.0.1#5353
-ipset=/.pornmm.net/gfwlist
-server=/.pornoxo.com/127.0.0.1#5353
-ipset=/.pornoxo.com/gfwlist
-server=/.pornrapidshare.com/127.0.0.1#5353
-ipset=/.pornrapidshare.com/gfwlist
-server=/.pornstarclub.com/127.0.0.1#5353
-ipset=/.pornstarclub.com/gfwlist
-server=/.porntube.com/127.0.0.1#5353
-ipset=/.porntube.com/gfwlist
-server=/.porntvblog.com/127.0.0.1#5353
-ipset=/.porntvblog.com/gfwlist
-server=/.pornvisit.com/127.0.0.1#5353
-ipset=/.pornvisit.com/gfwlist
-server=/.portablevpn.nl/127.0.0.1#5353
-ipset=/.portablevpn.nl/gfwlist
-server=/.pose.com/127.0.0.1#5353
-ipset=/.pose.com/gfwlist
-server=/.post.anyu.org/127.0.0.1#5353
-ipset=/.post.anyu.org/gfwlist
-server=/.post.ly/127.0.0.1#5353
-ipset=/.post.ly/gfwlist
-server=/.post852.com/127.0.0.1#5353
-ipset=/.post852.com/gfwlist
-server=/.postadult.com/127.0.0.1#5353
-ipset=/.postadult.com/gfwlist
-server=/.posterous.com/127.0.0.1#5353
-ipset=/.posterous.com/gfwlist
-server=/.power.com/127.0.0.1#5353
-ipset=/.power.com/gfwlist
-server=/.powerapple.com/127.0.0.1#5353
-ipset=/.powerapple.com/gfwlist
-server=/.powercx.com/127.0.0.1#5353
-ipset=/.powercx.com/gfwlist
-server=/.powerphoto.org/127.0.0.1#5353
-ipset=/.powerphoto.org/gfwlist
-server=/.prayforchina.net/127.0.0.1#5353
-ipset=/.prayforchina.net/gfwlist
-server=/.premeforwindows7.com/127.0.0.1#5353
-ipset=/.premeforwindows7.com/gfwlist
-server=/.presentationzen.com/127.0.0.1#5353
-ipset=/.presentationzen.com/gfwlist
-server=/.prestige-av.com/127.0.0.1#5353
-ipset=/.prestige-av.com/gfwlist
-server=/.prisoneralert.com/127.0.0.1#5353
-ipset=/.prisoneralert.com/gfwlist
-server=/.pritunl.com/127.0.0.1#5353
-ipset=/.pritunl.com/gfwlist
-server=/.privacybox.de/127.0.0.1#5353
-ipset=/.privacybox.de/gfwlist
-server=/.private.com/127.0.0.1#5353
-ipset=/.private.com/gfwlist
-server=/.privateinternetaccess.com/127.0.0.1#5353
-ipset=/.privateinternetaccess.com/gfwlist
-server=/.privatepaste.com/127.0.0.1#5353
-ipset=/.privatepaste.com/gfwlist
-server=/.privatetunnel.com/127.0.0.1#5353
-ipset=/.privatetunnel.com/gfwlist
-server=/.privatevpn.com/127.0.0.1#5353
-ipset=/.privatevpn.com/gfwlist
-server=/.procopytips.com/127.0.0.1#5353
-ipset=/.procopytips.com/gfwlist
-server=/.prosiben.de/127.0.0.1#5353
-ipset=/.prosiben.de/gfwlist
-server=/.provideocoalition.com/127.0.0.1#5353
-ipset=/.provideocoalition.com/gfwlist
-server=/.provpnaccounts.com/127.0.0.1#5353
-ipset=/.provpnaccounts.com/gfwlist
-server=/.proxfree.com/127.0.0.1#5353
-ipset=/.proxfree.com/gfwlist
-server=/.proxifier.com/127.0.0.1#5353
-ipset=/.proxifier.com/gfwlist
-server=/.proxomitron.info/127.0.0.1#5353
-ipset=/.proxomitron.info/gfwlist
-server=/.proxpn.com/127.0.0.1#5353
-ipset=/.proxpn.com/gfwlist
-server=/.proxy.org/127.0.0.1#5353
-ipset=/.proxy.org/gfwlist
-server=/.proxyanonimo.es/127.0.0.1#5353
-ipset=/.proxyanonimo.es/gfwlist
-server=/.proxylist.org.uk/127.0.0.1#5353
-ipset=/.proxylist.org.uk/gfwlist
-server=/.proxynetwork.org.uk/127.0.0.1#5353
-ipset=/.proxynetwork.org.uk/gfwlist
-server=/.proxypy.net/127.0.0.1#5353
-ipset=/.proxypy.net/gfwlist
-server=/.proxyroad.com/127.0.0.1#5353
-ipset=/.proxyroad.com/gfwlist
-server=/.proxytunnel.net/127.0.0.1#5353
-ipset=/.proxytunnel.net/gfwlist
-server=/.prozz.net/127.0.0.1#5353
-ipset=/.prozz.net/gfwlist
-server=/.psblog.name/127.0.0.1#5353
-ipset=/.psblog.name/gfwlist
-server=/.psiphon.ca/127.0.0.1#5353
-ipset=/.psiphon.ca/gfwlist
-server=/.psiphon.civisec.org/127.0.0.1#5353
-ipset=/.psiphon.civisec.org/gfwlist
-server=/.ptt.cc/127.0.0.1#5353
-ipset=/.ptt.cc/gfwlist
-server=/.pttvan.org/127.0.0.1#5353
-ipset=/.pttvan.org/gfwlist
-server=/.puffinbrowser.com/127.0.0.1#5353
-ipset=/.puffinbrowser.com/gfwlist
-server=/.puffstore.com/127.0.0.1#5353
-ipset=/.puffstore.com/gfwlist
-server=/.pullfolio.com/127.0.0.1#5353
-ipset=/.pullfolio.com/gfwlist
-server=/.pulse.yahoo.com/127.0.0.1#5353
-ipset=/.pulse.yahoo.com/gfwlist
-server=/.pure18.com/127.0.0.1#5353
-ipset=/.pure18.com/gfwlist
-server=/.pureconcepts.net/127.0.0.1#5353
-ipset=/.pureconcepts.net/gfwlist
-server=/.pureinsight.org/127.0.0.1#5353
-ipset=/.pureinsight.org/gfwlist
-server=/.purepdf.com/127.0.0.1#5353
-ipset=/.purepdf.com/gfwlist
-server=/.purevpn.com/127.0.0.1#5353
-ipset=/.purevpn.com/gfwlist
-server=/.purplelotus.org/127.0.0.1#5353
-ipset=/.purplelotus.org/gfwlist
-server=/.putlocker.com/127.0.0.1#5353
-ipset=/.putlocker.com/gfwlist
-server=/.putty.org/127.0.0.1#5353
-ipset=/.putty.org/gfwlist
-server=/.puttycm.free.fr/127.0.0.1#5353
-ipset=/.puttycm.free.fr/gfwlist
-server=/.pwned.com/127.0.0.1#5353
-ipset=/.pwned.com/gfwlist
-server=/.python.com/127.0.0.1#5353
-ipset=/.python.com/gfwlist
-server=/.qanote.com/127.0.0.1#5353
-ipset=/.qanote.com/gfwlist
-server=/.qidian.ca/127.0.0.1#5353
-ipset=/.qidian.ca/gfwlist
-server=/.qienkuen.org/127.0.0.1#5353
-ipset=/.qienkuen.org/gfwlist
-server=/.qi-gong.me/127.0.0.1#5353
-ipset=/.qi-gong.me/gfwlist
-server=/.qiwen.lu/127.0.0.1#5353
-ipset=/.qiwen.lu/gfwlist
-server=/.qixianglu.cn/127.0.0.1#5353
-ipset=/.qixianglu.cn/gfwlist
-server=/.qkshare.com/127.0.0.1#5353
-ipset=/.qkshare.com/gfwlist
-server=/.qoos.com/127.0.0.1#5353
-ipset=/.qoos.com/gfwlist
-server=/.qq.co.za/127.0.0.1#5353
-ipset=/.qq.co.za/gfwlist
-server=/.qstatus.com/127.0.0.1#5353
-ipset=/.qstatus.com/gfwlist
-server=/.qtrac.eu/127.0.0.1#5353
-ipset=/.qtrac.eu/gfwlist
-server=/.qtweeter.com/127.0.0.1#5353
-ipset=/.qtweeter.com/gfwlist
-server=/.quitccp.net/127.0.0.1#5353
-ipset=/.quitccp.net/gfwlist
-server=/.quitccp.org/127.0.0.1#5353
-ipset=/.quitccp.org/gfwlist
-server=/.quran.com/127.0.0.1#5353
-ipset=/.quran.com/gfwlist
-server=/.quranexplorer.com/127.0.0.1#5353
-ipset=/.quranexplorer.com/gfwlist
-server=/.qusi8.net/127.0.0.1#5353
-ipset=/.qusi8.net/gfwlist
-server=/.qvodzy.org/127.0.0.1#5353
-ipset=/.qvodzy.org/gfwlist
-server=/.qxbbs.org/127.0.0.1#5353
-ipset=/.qxbbs.org/gfwlist
-server=/.r18.com/127.0.0.1#5353
-ipset=/.r18.com/gfwlist
-server=/.ra.gg/127.0.0.1#5353
-ipset=/.ra.gg/gfwlist
-server=/.radicalparty.org/127.0.0.1#5353
-ipset=/.radicalparty.org/gfwlist
-server=/.radiko.jp/127.0.0.1#5353
-ipset=/.radiko.jp/gfwlist
-server=/.radioaustralia.net.au/127.0.0.1#5353
-ipset=/.radioaustralia.net.au/gfwlist
-server=/.radiohilight.net/127.0.0.1#5353
-ipset=/.radiohilight.net/gfwlist
-server=/.radiovaticana.org/127.0.0.1#5353
-ipset=/.radiovaticana.org/gfwlist
-server=/.radiovncr.com/127.0.0.1#5353
-ipset=/.radiovncr.com/gfwlist
-server=/.raizoji.or.jp/127.0.0.1#5353
-ipset=/.raizoji.or.jp/gfwlist
-server=/.rangwang.biz/127.0.0.1#5353
-ipset=/.rangwang.biz/gfwlist
-server=/.rangzen.com/127.0.0.1#5353
-ipset=/.rangzen.com/gfwlist
-server=/.rangzen.net/127.0.0.1#5353
-ipset=/.rangzen.net/gfwlist
-server=/.rangzen.org/127.0.0.1#5353
-ipset=/.rangzen.org/gfwlist
-server=/.ranyunfei.com/127.0.0.1#5353
-ipset=/.ranyunfei.com/gfwlist
-server=/.rapbull.net/127.0.0.1#5353
-ipset=/.rapbull.net/gfwlist
-server=/.rapidgator.net/127.0.0.1#5353
-ipset=/.rapidgator.net/gfwlist
-server=/.rapidshare8.com/127.0.0.1#5353
-ipset=/.rapidshare8.com/gfwlist
-server=/.rapidsharedata.com/127.0.0.1#5353
-ipset=/.rapidsharedata.com/gfwlist
-server=/.rapidvpn.com/127.0.0.1#5353
-ipset=/.rapidvpn.com/gfwlist
-server=/.raremovie.cc/127.0.0.1#5353
-ipset=/.raremovie.cc/gfwlist
-server=/.raremovie.net/127.0.0.1#5353
-ipset=/.raremovie.net/gfwlist
-server=/.razyboard.com/127.0.0.1#5353
-ipset=/.razyboard.com/gfwlist
-server=/.rcinet.ca/127.0.0.1#5353
-ipset=/.rcinet.ca/gfwlist
-server=/.rconversation.blogs.com/127.0.0.1#5353
-ipset=/.rconversation.blogs.com/gfwlist
-server=/.rd.com/127.0.0.1#5353
-ipset=/.rd.com/gfwlist
-server=/.rdio.com/127.0.0.1#5353
-ipset=/.rdio.com/gfwlist
-server=/.read100.com/127.0.0.1#5353
-ipset=/.read100.com/gfwlist
-server=/.readmoo.com/127.0.0.1#5353
-ipset=/.readmoo.com/gfwlist
-server=/.realcourage.org/127.0.0.1#5353
-ipset=/.realcourage.org/gfwlist
-server=/.realraptalk.com/127.0.0.1#5353
-ipset=/.realraptalk.com/gfwlist
-server=/.recaptcha.net/127.0.0.1#5353
-ipset=/.recaptcha.net/gfwlist
-server=/.recordhistory.org/127.0.0.1#5353
-ipset=/.recordhistory.org/gfwlist
-server=/.redchinacn.org/127.0.0.1#5353
-ipset=/.redchinacn.org/gfwlist
-server=/.redtube.com/127.0.0.1#5353
-ipset=/.redtube.com/gfwlist
-server=/.referer.us/127.0.0.1#5353
-ipset=/.referer.us/gfwlist
-server=/.reflectivecode.com/127.0.0.1#5353
-ipset=/.reflectivecode.com/gfwlist
-#server=/.registry.google/127.0.0.1#5353
-#ipset=/.registry.google/gfwlist
-server=/.relaxbbs.com/127.0.0.1#5353
-ipset=/.relaxbbs.com/gfwlist
-server=/.releaseinternational.org/127.0.0.1#5353
-ipset=/.releaseinternational.org/gfwlist
-server=/.religioustolerance.org/127.0.0.1#5353
-ipset=/.religioustolerance.org/gfwlist
-server=/.renminbao.com/127.0.0.1#5353
-ipset=/.renminbao.com/gfwlist
-server=/.renyurenquan.org/127.0.0.1#5353
-ipset=/.renyurenquan.org/gfwlist
-server=/.research.jmsc.hku.hk/127.0.0.1#5353
-ipset=/.research.jmsc.hku.hk/gfwlist
-server=/.retweeteffect.com/127.0.0.1#5353
-ipset=/.retweeteffect.com/gfwlist
-server=/.retweetist.com/127.0.0.1#5353
-ipset=/.retweetist.com/gfwlist
-server=/.retweetrank.com/127.0.0.1#5353
-ipset=/.retweetrank.com/gfwlist
-server=/.reuters.com/127.0.0.1#5353
-ipset=/.reuters.com/gfwlist
-server=/.revleft.com/127.0.0.1#5353
-ipset=/.revleft.com/gfwlist
-server=/.revver.com/127.0.0.1#5353
-ipset=/.revver.com/gfwlist
-server=/.rfa.org/127.0.0.1#5353
-ipset=/.rfa.org/gfwlist
-server=/.rfachina.com/127.0.0.1#5353
-ipset=/.rfachina.com/gfwlist
-server=/.rfamobile.org/127.0.0.1#5353
-ipset=/.rfamobile.org/gfwlist
-server=/.rfaweb.org/127.0.0.1#5353
-ipset=/.rfaweb.org/gfwlist
-server=/.rferl.org/127.0.0.1#5353
-ipset=/.rferl.org/gfwlist
-server=/.rfi.fr/127.0.0.1#5353
-ipset=/.rfi.fr/gfwlist
-server=/.rfi.my/127.0.0.1#5353
-ipset=/.rfi.my/gfwlist
-server=/.rhcloud.com/127.0.0.1#5353
-ipset=/.rhcloud.com/gfwlist
-server=/.riku.me/127.0.0.1#5353
-ipset=/.riku.me/gfwlist
-server=/.rileyguide.com/127.0.0.1#5353
-ipset=/.rileyguide.com/gfwlist
-server=/.ritouki.jp/127.0.0.1#5353
-ipset=/.ritouki.jp/gfwlist
-server=/.rlwlw.com/127.0.0.1#5353
-ipset=/.rlwlw.com/gfwlist
-server=/.rmjdw.com/127.0.0.1#5353
-ipset=/.rmjdw.com/gfwlist
-server=/.rmjdw132.info/127.0.0.1#5353
-ipset=/.rmjdw132.info/gfwlist
-server=/.rnw.global.ssl.fastly.net/127.0.0.1#5353
-ipset=/.rnw.global.ssl.fastly.net/gfwlist
-server=/.rnw.nl/127.0.0.1#5353
-ipset=/.rnw.nl/gfwlist
-server=/.roadshow.hk/127.0.0.1#5353
-ipset=/.roadshow.hk/gfwlist
-server=/.robtex.com/127.0.0.1#5353
-ipset=/.robtex.com/gfwlist
-server=/.robustnessiskey.com/127.0.0.1#5353
-ipset=/.robustnessiskey.com/gfwlist
-server=/.rocket-inc.net/127.0.0.1#5353
-ipset=/.rocket-inc.net/gfwlist
-server=/.rocmp.org/127.0.0.1#5353
-ipset=/.rocmp.org/gfwlist
-server=/.rojo.com/127.0.0.1#5353
-ipset=/.rojo.com/gfwlist
-server=/.rolia.net/127.0.0.1#5353
-ipset=/.rolia.net/gfwlist
-server=/.ronjoneswriter.com/127.0.0.1#5353
-ipset=/.ronjoneswriter.com/gfwlist
-server=/.roodo.com/127.0.0.1#5353
-ipset=/.roodo.com/gfwlist
-server=/.rosechina.net/127.0.0.1#5353
-ipset=/.rosechina.net/gfwlist
-server=/.rotten.com/127.0.0.1#5353
-ipset=/.rotten.com/gfwlist
-server=/.rsf.org/127.0.0.1#5353
-ipset=/.rsf.org/gfwlist
-server=/.rsf-chinese.org/127.0.0.1#5353
-ipset=/.rsf-chinese.org/gfwlist
-server=/.rsgamen.org/127.0.0.1#5353
-ipset=/.rsgamen.org/gfwlist
-server=/.rssmeme.com/127.0.0.1#5353
-ipset=/.rssmeme.com/gfwlist
-server=/.rthk.hk/127.0.0.1#5353
-ipset=/.rthk.hk/gfwlist
-server=/.rthk.org.hk/127.0.0.1#5353
-ipset=/.rthk.org.hk/gfwlist
-server=/.ruanyifeng.com/127.0.0.1#5353
-ipset=/.ruanyifeng.com/gfwlist
-server=/.rushbee.com/127.0.0.1#5353
-ipset=/.rushbee.com/gfwlist
-server=/.rutube.ru/127.0.0.1#5353
-ipset=/.rutube.ru/gfwlist
-server=/.ruyiseek.com/127.0.0.1#5353
-ipset=/.ruyiseek.com/gfwlist
-server=/.rxhj.net/127.0.0.1#5353
-ipset=/.rxhj.net/gfwlist
-server=/.s.xiaod.in/127.0.0.1#5353
-ipset=/.s.xiaod.in/gfwlist
-server=/.s1heng.com/127.0.0.1#5353
-ipset=/.s1heng.com/gfwlist
-server=/.s1s1s1.com/127.0.0.1#5353
-ipset=/.s1s1s1.com/gfwlist
-server=/.s8forum.com/127.0.0.1#5353
-ipset=/.s8forum.com/gfwlist
-server=/.sa.hao123.com/127.0.0.1#5353
-ipset=/.sa.hao123.com/gfwlist
-server=/.sacom.hk/127.0.0.1#5353
-ipset=/.sacom.hk/gfwlist
-server=/.sadistic-v.com/127.0.0.1#5353
-ipset=/.sadistic-v.com/gfwlist
-server=/.sadpanda.us/127.0.0.1#5353
-ipset=/.sadpanda.us/gfwlist
-server=/.safervpn.com/127.0.0.1#5353
-ipset=/.safervpn.com/gfwlist
-server=/.saiq.me/127.0.0.1#5353
-ipset=/.saiq.me/gfwlist
-server=/.sakuralive.com/127.0.0.1#5353
-ipset=/.sakuralive.com/gfwlist
-server=/.salvation.org.hk/127.0.0.1#5353
-ipset=/.salvation.org.hk/gfwlist
-server=/.samair.ru/127.0.0.1#5353
-ipset=/.samair.ru/gfwlist
-server=/.sambhota.org/127.0.0.1#5353
-ipset=/.sambhota.org/gfwlist
-server=/.samsoff.es/127.0.0.1#5353
-ipset=/.samsoff.es/gfwlist
-server=/.sankaizok.com/127.0.0.1#5353
-ipset=/.sankaizok.com/gfwlist
-server=/.sapikachu.net/127.0.0.1#5353
-ipset=/.sapikachu.net/gfwlist
-server=/.savemedia.com/127.0.0.1#5353
-ipset=/.savemedia.com/gfwlist
-server=/.savetibet.de/127.0.0.1#5353
-ipset=/.savetibet.de/gfwlist
-server=/.savetibet.fr/127.0.0.1#5353
-ipset=/.savetibet.fr/gfwlist
-server=/.savetibet.nl/127.0.0.1#5353
-ipset=/.savetibet.nl/gfwlist
-server=/.savetibet.org/127.0.0.1#5353
-ipset=/.savetibet.org/gfwlist
-server=/.savetibet.ru/127.0.0.1#5353
-ipset=/.savetibet.ru/gfwlist
-server=/.savevid.com/127.0.0.1#5353
-ipset=/.savevid.com/gfwlist
-server=/.say2.info/127.0.0.1#5353
-ipset=/.say2.info/gfwlist
-server=/.sciencenets.com/127.0.0.1#5353
-ipset=/.sciencenets.com/gfwlist
-server=/.scihub.org/127.0.0.1#5353
-ipset=/.scihub.org/gfwlist
-server=/.scmp.com/127.0.0.1#5353
-ipset=/.scmp.com/gfwlist
-server=/.scmpchinese.com/127.0.0.1#5353
-ipset=/.scmpchinese.com/gfwlist
-server=/.scribd.com/127.0.0.1#5353
-ipset=/.scribd.com/gfwlist
-server=/.scriptspot.com/127.0.0.1#5353
-ipset=/.scriptspot.com/gfwlist
-server=/.s-cute.com/127.0.0.1#5353
-ipset=/.s-cute.com/gfwlist
-server=/.s-dragon.org/127.0.0.1#5353
-ipset=/.s-dragon.org/gfwlist
-server=/.seapuff.com/127.0.0.1#5353
-ipset=/.seapuff.com/gfwlist
-server=/.search.aol.com/127.0.0.1#5353
-ipset=/.search.aol.com/gfwlist
-server=/.search.xxx/127.0.0.1#5353
-ipset=/.search.xxx/gfwlist
-server=/.secretchina.com/127.0.0.1#5353
-ipset=/.secretchina.com/gfwlist
-server=/.secretgarden.no/127.0.0.1#5353
-ipset=/.secretgarden.no/gfwlist
-server=/.secretsline.biz/127.0.0.1#5353
-ipset=/.secretsline.biz/gfwlist
-server=/.secure.hustler.com/127.0.0.1#5353
-ipset=/.secure.hustler.com/gfwlist
-server=/.secure.logmein.com/127.0.0.1#5353
-ipset=/.secure.logmein.com/gfwlist
-server=/.securetunnel.com/127.0.0.1#5353
-ipset=/.securetunnel.com/gfwlist
-server=/.securitykiss.com/127.0.0.1#5353
-ipset=/.securitykiss.com/gfwlist
-server=/.seesmic.com/127.0.0.1#5353
-ipset=/.seesmic.com/gfwlist
-server=/.seevpn.com/127.0.0.1#5353
-ipset=/.seevpn.com/gfwlist
-server=/.seezone.net/127.0.0.1#5353
-ipset=/.seezone.net/gfwlist
-server=/.sejie.com/127.0.0.1#5353
-ipset=/.sejie.com/gfwlist
-server=/.sendoid.com/127.0.0.1#5353
-ipset=/.sendoid.com/gfwlist
-server=/.sendspace.com/127.0.0.1#5353
-ipset=/.sendspace.com/gfwlist
-server=/.sesawe.net/127.0.0.1#5353
-ipset=/.sesawe.net/gfwlist
-server=/.sesawe.org/127.0.0.1#5353
-ipset=/.sesawe.org/gfwlist
-server=/.sethwklein.net/127.0.0.1#5353
-ipset=/.sethwklein.net/gfwlist
-server=/.sevenload.com/127.0.0.1#5353
-ipset=/.sevenload.com/gfwlist
-server=/.sex.com/127.0.0.1#5353
-ipset=/.sex.com/gfwlist
-server=/.sex-11.com/127.0.0.1#5353
-ipset=/.sex-11.com/gfwlist
-server=/.sex3.com/127.0.0.1#5353
-ipset=/.sex3.com/gfwlist
-server=/.sex8.cc/127.0.0.1#5353
-ipset=/.sex8.cc/gfwlist
-server=/.sexandsubmission.com/127.0.0.1#5353
-ipset=/.sexandsubmission.com/gfwlist
-server=/.sexhu.com/127.0.0.1#5353
-ipset=/.sexhu.com/gfwlist
-server=/.sexhuang.com/127.0.0.1#5353
-ipset=/.sexhuang.com/gfwlist
-server=/.sexinsex.net/127.0.0.1#5353
-ipset=/.sexinsex.net/gfwlist
-server=/.sf.net/127.0.0.1#5353
-ipset=/.sf.net/gfwlist
-server=/.sfileydy.com/127.0.0.1#5353
-ipset=/.sfileydy.com/gfwlist
-server=/.sftindia.org/127.0.0.1#5353
-ipset=/.sftindia.org/gfwlist
-server=/.sftuk.org/127.0.0.1#5353
-ipset=/.sftuk.org/gfwlist
-server=/.shadow.ma/127.0.0.1#5353
-ipset=/.shadow.ma/gfwlist
-server=/.shadowsocks.org/127.0.0.1#5353
-ipset=/.shadowsocks.org/gfwlist
-server=/.shahamat-english.com/127.0.0.1#5353
-ipset=/.shahamat-english.com/gfwlist
-server=/.shangfang.org/127.0.0.1#5353
-ipset=/.shangfang.org/gfwlist
-server=/.shapeservices.com/127.0.0.1#5353
-ipset=/.shapeservices.com/gfwlist
-server=/.share.dmhy.org/127.0.0.1#5353
-ipset=/.share.dmhy.org/gfwlist
-server=/.share.ovi.com/127.0.0.1#5353
-ipset=/.share.ovi.com/gfwlist
-server=/.sharebee.com/127.0.0.1#5353
-ipset=/.sharebee.com/gfwlist
-server=/.sharecool.org/127.0.0.1#5353
-ipset=/.sharecool.org/gfwlist
-server=/.sharpdaily.com.hk/127.0.0.1#5353
-ipset=/.sharpdaily.com.hk/gfwlist
-server=/.sharpdaily.hk/127.0.0.1#5353
-ipset=/.sharpdaily.hk/gfwlist
-server=/.shat-tibet.com/127.0.0.1#5353
-ipset=/.shat-tibet.com/gfwlist
-server=/.sheikyermami.com/127.0.0.1#5353
-ipset=/.sheikyermami.com/gfwlist
-server=/.shenshou.org/127.0.0.1#5353
-ipset=/.shenshou.org/gfwlist
-server=/.shenyun.com/127.0.0.1#5353
-ipset=/.shenyun.com/gfwlist
-server=/.shenyunperformingarts.org/127.0.0.1#5353
-ipset=/.shenyunperformingarts.org/gfwlist
-server=/.shenzhoufilm.com/127.0.0.1#5353
-ipset=/.shenzhoufilm.com/gfwlist
-server=/.shicheng.org/127.0.0.1#5353
-ipset=/.shicheng.org/gfwlist
-server=/.shinychan.com/127.0.0.1#5353
-ipset=/.shinychan.com/gfwlist
-server=/.shitaotv.org/127.0.0.1#5353
-ipset=/.shitaotv.org/gfwlist
-server=/.shixiao.org/127.0.0.1#5353
-ipset=/.shixiao.org/gfwlist
-server=/.shizhao.org/127.0.0.1#5353
-ipset=/.shizhao.org/gfwlist
-server=/.shkspr.mobi/127.0.0.1#5353
-ipset=/.shkspr.mobi/gfwlist
-server=/.shodanhq.com/127.0.0.1#5353
-ipset=/.shodanhq.com/gfwlist
-server=/.shopping.com/127.0.0.1#5353
-ipset=/.shopping.com/gfwlist
-server=/.showbiz.omy.sg/127.0.0.1#5353
-ipset=/.showbiz.omy.sg/gfwlist
-server=/.showtime.jp/127.0.0.1#5353
-ipset=/.showtime.jp/gfwlist
-server=/.shutterstock.com/127.0.0.1#5353
-ipset=/.shutterstock.com/gfwlist
-server=/.shwchurch.org/127.0.0.1#5353
-ipset=/.shwchurch.org/gfwlist
-server=/.shwchurch3.com/127.0.0.1#5353
-ipset=/.shwchurch3.com/gfwlist
-server=/.sidelinesnews.com/127.0.0.1#5353
-ipset=/.sidelinesnews.com/gfwlist
-server=/.sidelinessportseatery.com/127.0.0.1#5353
-ipset=/.sidelinessportseatery.com/gfwlist
-server=/.simplecd.org/127.0.0.1#5353
-ipset=/.simplecd.org/gfwlist
-server=/.simpleproductivityblog.com/127.0.0.1#5353
-ipset=/.simpleproductivityblog.com/gfwlist
-server=/.sinchew.com.my/127.0.0.1#5353
-ipset=/.sinchew.com.my/gfwlist
-server=/.singaporepools.com.sg/127.0.0.1#5353
-ipset=/.singaporepools.com.sg/gfwlist
-server=/.singtao.com/127.0.0.1#5353
-ipset=/.singtao.com/gfwlist
-server=/.sinoants.com/127.0.0.1#5353
-ipset=/.sinoants.com/gfwlist
-server=/.sinocast.com/127.0.0.1#5353
-ipset=/.sinocast.com/gfwlist
-server=/.sinocism.com/127.0.0.1#5353
-ipset=/.sinocism.com/gfwlist
-server=/.sino-monthly.com/127.0.0.1#5353
-ipset=/.sino-monthly.com/gfwlist
-server=/.sinomontreal.ca/127.0.0.1#5353
-ipset=/.sinomontreal.ca/gfwlist
-server=/.sinonet.ca/127.0.0.1#5353
-ipset=/.sinonet.ca/gfwlist
-server=/.sinopitt.info/127.0.0.1#5353
-ipset=/.sinopitt.info/gfwlist
-server=/.sinoquebec.com/127.0.0.1#5353
-ipset=/.sinoquebec.com/gfwlist
-server=/.sipml5.org/127.0.0.1#5353
-ipset=/.sipml5.org/gfwlist
-server=/.sis.xxx/127.0.0.1#5353
-ipset=/.sis.xxx/gfwlist
-server=/.sis001.com/127.0.0.1#5353
-ipset=/.sis001.com/gfwlist
-server=/.sis001.us/127.0.0.1#5353
-ipset=/.sis001.us/gfwlist
-server=/.site90.net/127.0.0.1#5353
-ipset=/.site90.net/gfwlist
-server=/.sitekreator.com/127.0.0.1#5353
-ipset=/.sitekreator.com/gfwlist
-server=/.siteks.uk.to/127.0.0.1#5353
-ipset=/.siteks.uk.to/gfwlist
-server=/.sitemaps.org/127.0.0.1#5353
-ipset=/.sitemaps.org/gfwlist
-server=/.sitetag.us/127.0.0.1#5353
-ipset=/.sitetag.us/gfwlist
-server=/.sjum.cn/127.0.0.1#5353
-ipset=/.sjum.cn/gfwlist
-server=/.skimtube.com/127.0.0.1#5353
-ipset=/.skimtube.com/gfwlist
-server=/.skybet.com/127.0.0.1#5353
-ipset=/.skybet.com/gfwlist
-server=/.skyhighpremium.com/127.0.0.1#5353
-ipset=/.skyhighpremium.com/gfwlist
-server=/.skyvegas.com/127.0.0.1#5353
-ipset=/.skyvegas.com/gfwlist
-server=/.slacker.com/127.0.0.1#5353
-ipset=/.slacker.com/gfwlist
-server=/.slavasoft.com/127.0.0.1#5353
-ipset=/.slavasoft.com/gfwlist
-server=/.slheng.com/127.0.0.1#5353
-ipset=/.slheng.com/gfwlist
-server=/.slickvpn.com/127.0.0.1#5353
-ipset=/.slickvpn.com/gfwlist
-server=/.slideshare.net/127.0.0.1#5353
-ipset=/.slideshare.net/gfwlist
-server=/.slinkset.com/127.0.0.1#5353
-ipset=/.slinkset.com/gfwlist
-server=/.slutload.com/127.0.0.1#5353
-ipset=/.slutload.com/gfwlist
-server=/.slyip.com/127.0.0.1#5353
-ipset=/.slyip.com/gfwlist
-server=/.smh.com.au/127.0.0.1#5353
-ipset=/.smh.com.au/gfwlist
-server=/.smhric.org/127.0.0.1#5353
-ipset=/.smhric.org/gfwlist
-server=/.snapchat.com/127.0.0.1#5353
-ipset=/.snapchat.com/gfwlist
-server=/.snaptu.com/127.0.0.1#5353
-ipset=/.snaptu.com/gfwlist
-server=/.sndcdn.com/127.0.0.1#5353
-ipset=/.sndcdn.com/gfwlist
-server=/.sneakme.net/127.0.0.1#5353
-ipset=/.sneakme.net/gfwlist
-server=/.snooper.co.uk/127.0.0.1#5353
-ipset=/.snooper.co.uk/gfwlist
-server=/.snowlionpub.com/127.0.0.1#5353
-ipset=/.snowlionpub.com/gfwlist
-server=/.sobees.com/127.0.0.1#5353
-ipset=/.sobees.com/gfwlist
-server=/.soc.mil/127.0.0.1#5353
-ipset=/.soc.mil/gfwlist
-server=/.socialwhale.com/127.0.0.1#5353
-ipset=/.socialwhale.com/gfwlist
-server=/.sockslist.net/127.0.0.1#5353
-ipset=/.sockslist.net/gfwlist
-server=/.socrec.org/127.0.0.1#5353
-ipset=/.socrec.org/gfwlist
-server=/.sod.co.jp/127.0.0.1#5353
-ipset=/.sod.co.jp/gfwlist
-server=/.softether.co.jp/127.0.0.1#5353
-ipset=/.softether.co.jp/gfwlist
-server=/.softether.org/127.0.0.1#5353
-ipset=/.softether.org/gfwlist
-server=/.softether-download.com/127.0.0.1#5353
-ipset=/.softether-download.com/gfwlist
-server=/.softwarebychuck.com/127.0.0.1#5353
-ipset=/.softwarebychuck.com/gfwlist
-server=/.softwaredownload.gitbooks.io/127.0.0.1#5353
-ipset=/.softwaredownload.gitbooks.io/gfwlist
-server=/.so-ga.net/127.0.0.1#5353
-ipset=/.so-ga.net/gfwlist
-server=/.sogclub.com/127.0.0.1#5353
-ipset=/.sogclub.com/gfwlist
-server=/.sogrady.me/127.0.0.1#5353
-ipset=/.sogrady.me/gfwlist
-server=/.sohcradio.com/127.0.0.1#5353
-ipset=/.sohcradio.com/gfwlist
-server=/.sohfrance.org/127.0.0.1#5353
-ipset=/.sohfrance.org/gfwlist
-server=/.sokamonline.com/127.0.0.1#5353
-ipset=/.sokamonline.com/gfwlist
-server=/.somee.com/127.0.0.1#5353
-ipset=/.somee.com/gfwlist
-server=/.so-news.com/127.0.0.1#5353
-ipset=/.so-news.com/gfwlist
-server=/.songjianjun.com/127.0.0.1#5353
-ipset=/.songjianjun.com/gfwlist
-server=/.sonidodelaesperanza.org/127.0.0.1#5353
-ipset=/.sonidodelaesperanza.org/gfwlist
-server=/.sopcast.com/127.0.0.1#5353
-ipset=/.sopcast.com/gfwlist
-server=/.sopcast.org/127.0.0.1#5353
-ipset=/.sopcast.org/gfwlist
-server=/.sorazone.net/127.0.0.1#5353
-ipset=/.sorazone.net/gfwlist
-server=/.sorting-algorithms.com/127.0.0.1#5353
-ipset=/.sorting-algorithms.com/gfwlist
-server=/.soulcaliburhentai.net/127.0.0.1#5353
-ipset=/.soulcaliburhentai.net/gfwlist
-server=/.soul-plus.net/127.0.0.1#5353
-ipset=/.soul-plus.net/gfwlist
-server=/.soumo.info/127.0.0.1#5353
-ipset=/.soumo.info/gfwlist
-server=/.soundcloud.com/127.0.0.1#5353
-ipset=/.soundcloud.com/gfwlist
-server=/.soundofhope.kr/127.0.0.1#5353
-ipset=/.soundofhope.kr/gfwlist
-server=/.soundofhope.org/127.0.0.1#5353
-ipset=/.soundofhope.org/gfwlist
-server=/.soup.io/127.0.0.1#5353
-ipset=/.soup.io/gfwlist
-server=/.soupofmedia.com/127.0.0.1#5353
-ipset=/.soupofmedia.com/gfwlist
-server=/.sourceforge.net/127.0.0.1#5353
-ipset=/.sourceforge.net/gfwlist
-server=/.sourcewadio.com/127.0.0.1#5353
-ipset=/.sourcewadio.com/gfwlist
-server=/.sowers.org.hk/127.0.0.1#5353
-ipset=/.sowers.org.hk/gfwlist
-server=/.space-scape.com/127.0.0.1#5353
-ipset=/.space-scape.com/gfwlist
-server=/.spankbang.com/127.0.0.1#5353
-ipset=/.spankbang.com/gfwlist
-server=/.spankwire.com/127.0.0.1#5353
-ipset=/.spankwire.com/gfwlist
-server=/.spb.com/127.0.0.1#5353
-ipset=/.spb.com/gfwlist
-server=/.speakerdeck.com/127.0.0.1#5353
-ipset=/.speakerdeck.com/gfwlist
-server=/.speckleapp.com/127.0.0.1#5353
-ipset=/.speckleapp.com/gfwlist
-server=/.spem.at/127.0.0.1#5353
-ipset=/.spem.at/gfwlist
-server=/.spencertipping.com/127.0.0.1#5353
-ipset=/.spencertipping.com/gfwlist
-server=/.spicevpn.com/127.0.0.1#5353
-ipset=/.spicevpn.com/gfwlist
-server=/.spike.com/127.0.0.1#5353
-ipset=/.spike.com/gfwlist
-server=/.spinejs.com/127.0.0.1#5353
-ipset=/.spinejs.com/gfwlist
-server=/.sports.williamhill.com/127.0.0.1#5353
-ipset=/.sports.williamhill.com/gfwlist
-server=/.spotify.com/127.0.0.1#5353
-ipset=/.spotify.com/gfwlist
-server=/.spring4u.info/127.0.0.1#5353
-ipset=/.spring4u.info/gfwlist
-server=/.springboardplatform.com/127.0.0.1#5353
-ipset=/.springboardplatform.com/gfwlist
-server=/.sproutcore.com/127.0.0.1#5353
-ipset=/.sproutcore.com/gfwlist
-server=/.sproxy.info/127.0.0.1#5353
-ipset=/.sproxy.info/gfwlist
-server=/.squarespace.com/127.0.0.1#5353
-ipset=/.squarespace.com/gfwlist
-server=/.srcf.ucam.org/127.0.0.1#5353
-ipset=/.srcf.ucam.org/gfwlist
-server=/.ssh91.com/127.0.0.1#5353
-ipset=/.ssh91.com/gfwlist
-server=/.stackoverflow.com/127.0.0.1#5353
-ipset=/.stackoverflow.com/gfwlist
-server=/.stage64.hk/127.0.0.1#5353
-ipset=/.stage64.hk/gfwlist
-server=/.standupfortibet.org/127.0.0.1#5353
-ipset=/.standupfortibet.org/gfwlist
-server=/.stanford.edu/127.0.0.1#5353
-ipset=/.stanford.edu/gfwlist
-server=/.starp2p.com/127.0.0.1#5353
-ipset=/.starp2p.com/gfwlist
-server=/.startpage.com/127.0.0.1#5353
-ipset=/.startpage.com/gfwlist
-server=/.state168.com/127.0.0.1#5353
-ipset=/.state168.com/gfwlist
-server=/.static.digg.com/127.0.0.1#5353
-ipset=/.static.digg.com/gfwlist
-server=/.staticflickr.com/127.0.0.1#5353
-ipset=/.staticflickr.com/gfwlist
-server=/.steel-storm.com/127.0.0.1#5353
-ipset=/.steel-storm.com/gfwlist
-server=/.stephaniered.com/127.0.0.1#5353
-ipset=/.stephaniered.com/gfwlist
-server=/.stepmania.com/127.0.0.1#5353
-ipset=/.stepmania.com/gfwlist
-server=/.sthoo.com/127.0.0.1#5353
-ipset=/.sthoo.com/gfwlist
-server=/.stickam.com/127.0.0.1#5353
-ipset=/.stickam.com/gfwlist
-server=/.stickeraction.com/127.0.0.1#5353
-ipset=/.stickeraction.com/gfwlist
-server=/.sto.cc/127.0.0.1#5353
-ipset=/.sto.cc/gfwlist
-server=/.stoneip.info/127.0.0.1#5353
-ipset=/.stoneip.info/gfwlist
-server=/.stoptibetcrisis.net/127.0.0.1#5353
-ipset=/.stoptibetcrisis.net/gfwlist
-server=/.storagenewsletter.com/127.0.0.1#5353
-ipset=/.storagenewsletter.com/gfwlist
-server=/.storify.com/127.0.0.1#5353
-ipset=/.storify.com/gfwlist
-server=/.storm.mg/127.0.0.1#5353
-ipset=/.storm.mg/gfwlist
-server=/.stormmediagroup.com/127.0.0.1#5353
-ipset=/.stormmediagroup.com/gfwlist
-server=/.stoweboyd.com/127.0.0.1#5353
-ipset=/.stoweboyd.com/gfwlist
-server=/.streamingthe.net/127.0.0.1#5353
-ipset=/.streamingthe.net/gfwlist
-server=/.streema.com/127.0.0.1#5353
-ipset=/.streema.com/gfwlist
-server=/.strongvpn.com/127.0.0.1#5353
-ipset=/.strongvpn.com/gfwlist
-server=/.strongwindpress.com/127.0.0.1#5353
-ipset=/.strongwindpress.com/gfwlist
-server=/.studentsforafreetibet.org/127.0.0.1#5353
-ipset=/.studentsforafreetibet.org/gfwlist
-server=/.stuffimreading.net/127.0.0.1#5353
-ipset=/.stuffimreading.net/gfwlist
-server=/.stumbleupon.com/127.0.0.1#5353
-ipset=/.stumbleupon.com/gfwlist
-server=/.stupidvideos.com/127.0.0.1#5353
-ipset=/.stupidvideos.com/gfwlist
-server=/.subacme.rerouted.org/127.0.0.1#5353
-ipset=/.subacme.rerouted.org/gfwlist
-server=/.sugarsync.com/127.0.0.1#5353
-ipset=/.sugarsync.com/gfwlist
-server=/.suissl.com/127.0.0.1#5353
-ipset=/.suissl.com/gfwlist
-server=/.summify.com/127.0.0.1#5353
-ipset=/.summify.com/gfwlist
-server=/.sun1911.com/127.0.0.1#5353
-ipset=/.sun1911.com/gfwlist
-server=/.sunporno.com/127.0.0.1#5353
-ipset=/.sunporno.com/gfwlist
-server=/.sunvpn.net/127.0.0.1#5353
-ipset=/.sunvpn.net/gfwlist
-server=/.suoluo.org/127.0.0.1#5353
-ipset=/.suoluo.org/gfwlist
-server=/.suprememastertv.com/127.0.0.1#5353
-ipset=/.suprememastertv.com/gfwlist
-server=/.surfeasy.com/127.0.0.1#5353
-ipset=/.surfeasy.com/gfwlist
-server=/.surfeasy.com.au/127.0.0.1#5353
-ipset=/.surfeasy.com.au/gfwlist
-server=/.suroot.com/127.0.0.1#5353
-ipset=/.suroot.com/gfwlist
-server=/.surrenderat20.net/127.0.0.1#5353
-ipset=/.surrenderat20.net/gfwlist
-server=/.suyangg.com/127.0.0.1#5353
-ipset=/.suyangg.com/gfwlist
-server=/.svwind.com/127.0.0.1#5353
-ipset=/.svwind.com/gfwlist
-server=/.sweux.com/127.0.0.1#5353
-ipset=/.sweux.com/gfwlist
-server=/.swift-tools.net/127.0.0.1#5353
-ipset=/.swift-tools.net/gfwlist
-server=/.swissvpn.net/127.0.0.1#5353
-ipset=/.swissvpn.net/gfwlist
-server=/.switch1.jp/127.0.0.1#5353
-ipset=/.switch1.jp/gfwlist
-server=/.switchvpn.net/127.0.0.1#5353
-ipset=/.switchvpn.net/gfwlist
-server=/.sydneytoday.com/127.0.0.1#5353
-ipset=/.sydneytoday.com/gfwlist
-server=/.sylfoundation.org/127.0.0.1#5353
-ipset=/.sylfoundation.org/gfwlist
-server=/.syncback.com/127.0.0.1#5353
-ipset=/.syncback.com/gfwlist
-server=/.sysadmin1138.net/127.0.0.1#5353
-ipset=/.sysadmin1138.net/gfwlist
-server=/.sysresccd.org/127.0.0.1#5353
-ipset=/.sysresccd.org/gfwlist
-server=/.sytes.net/127.0.0.1#5353
-ipset=/.sytes.net/gfwlist
-server=/.szbbs.net/127.0.0.1#5353
-ipset=/.szbbs.net/gfwlist
-server=/.szetowah.org.hk/127.0.0.1#5353
-ipset=/.szetowah.org.hk/gfwlist
-server=/.t.co/127.0.0.1#5353
-ipset=/.t.co/gfwlist
-server=/.t.neolee.cn/127.0.0.1#5353
-ipset=/.t.neolee.cn/gfwlist
-server=/.t.orzdream.com/127.0.0.1#5353
-ipset=/.t.orzdream.com/gfwlist
-server=/.t35.com/127.0.0.1#5353
-ipset=/.t35.com/gfwlist
-server=/.t66y.com/127.0.0.1#5353
-ipset=/.t66y.com/gfwlist
-server=/.t88.ca/127.0.0.1#5353
-ipset=/.t88.ca/gfwlist
-server=/.taa-usa.org/127.0.0.1#5353
-ipset=/.taa-usa.org/gfwlist
-server=/.tabtter.jp/127.0.0.1#5353
-ipset=/.tabtter.jp/gfwlist
-server=/.tacem.org/127.0.0.1#5353
-ipset=/.tacem.org/gfwlist
-server=/.tafaward.com/127.0.0.1#5353
-ipset=/.tafaward.com/gfwlist
-server=/.tafm.org/127.0.0.1#5353
-ipset=/.tafm.org/gfwlist
-server=/.tagwa.org.au/127.0.0.1#5353
-ipset=/.tagwa.org.au/gfwlist
-server=/.tagwalk.com/127.0.0.1#5353
-ipset=/.tagwalk.com/gfwlist
-server=/.taipeisociety.org/127.0.0.1#5353
-ipset=/.taipeisociety.org/gfwlist
-server=/.taiwanbible.com/127.0.0.1#5353
-ipset=/.taiwanbible.com/gfwlist
-server=/.taiwandaily.net/127.0.0.1#5353
-ipset=/.taiwandaily.net/gfwlist
-server=/.taiwanjustice.com/127.0.0.1#5353
-ipset=/.taiwanjustice.com/gfwlist
-server=/.taiwankiss.com/127.0.0.1#5353
-ipset=/.taiwankiss.com/gfwlist
-server=/.taiwannation.50webs.com/127.0.0.1#5353
-ipset=/.taiwannation.50webs.com/gfwlist
-server=/.taiwannation.com/127.0.0.1#5353
-ipset=/.taiwannation.com/gfwlist
-server=/.taiwan-sex.com/127.0.0.1#5353
-ipset=/.taiwan-sex.com/gfwlist
-server=/.taiwantp.net/127.0.0.1#5353
-ipset=/.taiwantp.net/gfwlist
-server=/.taiwanus.net/127.0.0.1#5353
-ipset=/.taiwanus.net/gfwlist
-server=/.taiwanyes.com/127.0.0.1#5353
-ipset=/.taiwanyes.com/gfwlist
-server=/.taiwanyes.ning.com/127.0.0.1#5353
-ipset=/.taiwanyes.ning.com/gfwlist
-server=/.talk853.com/127.0.0.1#5353
-ipset=/.talk853.com/gfwlist
-server=/.talkboxapp.com/127.0.0.1#5353
-ipset=/.talkboxapp.com/gfwlist
-server=/.talkonly.net/127.0.0.1#5353
-ipset=/.talkonly.net/gfwlist
-server=/.tamiaode.tk/127.0.0.1#5353
-ipset=/.tamiaode.tk/gfwlist
-server=/.tanc.org/127.0.0.1#5353
-ipset=/.tanc.org/gfwlist
-server=/.tangben.com/127.0.0.1#5353
-ipset=/.tangben.com/gfwlist
-server=/.tangren.us/127.0.0.1#5353
-ipset=/.tangren.us/gfwlist
-server=/.taolun.info/127.0.0.1#5353
-ipset=/.taolun.info/gfwlist
-server=/.tapanwap.com/127.0.0.1#5353
-ipset=/.tapanwap.com/gfwlist
-server=/.target.com/127.0.0.1#5353
-ipset=/.target.com/gfwlist
-server=/.tarr.uspto.gov/127.0.0.1#5353
-ipset=/.tarr.uspto.gov/gfwlist
-server=/.tascn.com.au/127.0.0.1#5353
-ipset=/.tascn.com.au/gfwlist
-server=/.taup.net/127.0.0.1#5353
-ipset=/.taup.net/gfwlist
-server=/.taweet.com/127.0.0.1#5353
-ipset=/.taweet.com/gfwlist
-server=/.tbcollege.org/127.0.0.1#5353
-ipset=/.tbcollege.org/gfwlist
-server=/.tbi.org.hk/127.0.0.1#5353
-ipset=/.tbi.org.hk/gfwlist
-server=/.tbicn.org/127.0.0.1#5353
-ipset=/.tbicn.org/gfwlist
-server=/.tbjyt.org/127.0.0.1#5353
-ipset=/.tbjyt.org/gfwlist
-server=/.tbpic.info/127.0.0.1#5353
-ipset=/.tbpic.info/gfwlist
-server=/.tbsec.org/127.0.0.1#5353
-ipset=/.tbsec.org/gfwlist
-server=/.tbskkinabalu.page.tl/127.0.0.1#5353
-ipset=/.tbskkinabalu.page.tl/gfwlist
-server=/.tbsmalaysia.org/127.0.0.1#5353
-ipset=/.tbsmalaysia.org/gfwlist
-server=/.tbsn.org/127.0.0.1#5353
-ipset=/.tbsn.org/gfwlist
-server=/.tbs-rainbow.org/127.0.0.1#5353
-ipset=/.tbs-rainbow.org/gfwlist
-server=/.tbsseattle.org/127.0.0.1#5353
-ipset=/.tbsseattle.org/gfwlist
-server=/.tbssqh.org/127.0.0.1#5353
-ipset=/.tbssqh.org/gfwlist
-server=/.tbswd.org/127.0.0.1#5353
-ipset=/.tbswd.org/gfwlist
-server=/.tbtemple.org.uk/127.0.0.1#5353
-ipset=/.tbtemple.org.uk/gfwlist
-server=/.tbthouston.org/127.0.0.1#5353
-ipset=/.tbthouston.org/gfwlist
-server=/.tccwonline.org/127.0.0.1#5353
-ipset=/.tccwonline.org/gfwlist
-server=/.tcewf.org/127.0.0.1#5353
-ipset=/.tcewf.org/gfwlist
-server=/.tchrd.org/127.0.0.1#5353
-ipset=/.tchrd.org/gfwlist
-server=/.tech2.in.com/127.0.0.1#5353
-ipset=/.tech2.in.com/gfwlist
-server=/.techlifeweb.com/127.0.0.1#5353
-ipset=/.techlifeweb.com/gfwlist
-server=/.techparaiso.com/127.0.0.1#5353
-ipset=/.techparaiso.com/gfwlist
-server=/.teck.in/127.0.0.1#5353
-ipset=/.teck.in/gfwlist
-server=/.teeniefuck.net/127.0.0.1#5353
-ipset=/.teeniefuck.net/gfwlist
-server=/.teensinasia.com/127.0.0.1#5353
-ipset=/.teensinasia.com/gfwlist
-server=/.telecomspace.com/127.0.0.1#5353
-ipset=/.telecomspace.com/gfwlist
-server=/.telegram.org/127.0.0.1#5353
-ipset=/.telegram.org/gfwlist
-server=/.telegraph.co.uk/127.0.0.1#5353
-ipset=/.telegraph.co.uk/gfwlist
-server=/.tenacy.com/127.0.0.1#5353
-ipset=/.tenacy.com/gfwlist
-server=/.tew.org/127.0.0.1#5353
-ipset=/.tew.org/gfwlist
-server=/.th.hao123.com/127.0.0.1#5353
-ipset=/.th.hao123.com/gfwlist
-server=/.theatrum-belli.com/127.0.0.1#5353
-ipset=/.theatrum-belli.com/gfwlist
-server=/.thebcomplex.com/127.0.0.1#5353
-ipset=/.thebcomplex.com/gfwlist
-server=/.theblemish.com/127.0.0.1#5353
-ipset=/.theblemish.com/gfwlist
-server=/.thebobs.com/127.0.0.1#5353
-ipset=/.thebobs.com/gfwlist
-server=/.thebodyshop-usa.com/127.0.0.1#5353
-ipset=/.thebodyshop-usa.com/gfwlist
-server=/.thechinabeat.org/127.0.0.1#5353
-ipset=/.thechinabeat.org/gfwlist
-server=/.thedalailamamovie.com/127.0.0.1#5353
-ipset=/.thedalailamamovie.com/gfwlist
-server=/.thedieline.com/127.0.0.1#5353
-ipset=/.thedieline.com/gfwlist
-server=/.thedw.us/127.0.0.1#5353
-ipset=/.thedw.us/gfwlist
-server=/.thefrontier.hk/127.0.0.1#5353
-ipset=/.thefrontier.hk/gfwlist
-server=/.thegioitinhoc.vn/127.0.0.1#5353
-ipset=/.thegioitinhoc.vn/gfwlist
-server=/.thegly.com/127.0.0.1#5353
-ipset=/.thegly.com/gfwlist
-server=/.thehots.info/127.0.0.1#5353
-ipset=/.thehots.info/gfwlist
-server=/.thehousenews.com/127.0.0.1#5353
-ipset=/.thehousenews.com/gfwlist
-server=/.thehun.net/127.0.0.1#5353
-ipset=/.thehun.net/gfwlist
-server=/.theinitium.com/127.0.0.1#5353
-ipset=/.theinitium.com/gfwlist
-server=/.thelifeyoucansave.com/127.0.0.1#5353
-ipset=/.thelifeyoucansave.com/gfwlist
-server=/.thenewslens.com/127.0.0.1#5353
-ipset=/.thenewslens.com/gfwlist
-server=/.thepiratebay.org/127.0.0.1#5353
-ipset=/.thepiratebay.org/gfwlist
-server=/.thereallove.kr/127.0.0.1#5353
-ipset=/.thereallove.kr/gfwlist
-server=/.thesartorialist.com/127.0.0.1#5353
-ipset=/.thesartorialist.com/gfwlist
-server=/.thespeeder.com/127.0.0.1#5353
-ipset=/.thespeeder.com/gfwlist
-server=/.thestandnews.com/127.0.0.1#5353
-ipset=/.thestandnews.com/gfwlist
-server=/.thetibetcenter.org/127.0.0.1#5353
-ipset=/.thetibetcenter.org/gfwlist
-server=/.thetibetconnection.org/127.0.0.1#5353
-ipset=/.thetibetconnection.org/gfwlist
-server=/.thetibetmuseum.org/127.0.0.1#5353
-ipset=/.thetibetmuseum.org/gfwlist
-server=/.thetibetpost.com/127.0.0.1#5353
-ipset=/.thetibetpost.com/gfwlist
-server=/.thetrotskymovie.com/127.0.0.1#5353
-ipset=/.thetrotskymovie.com/gfwlist
-server=/.thevivekspot.com/127.0.0.1#5353
-ipset=/.thevivekspot.com/gfwlist
-server=/.thewgo.org/127.0.0.1#5353
-ipset=/.thewgo.org/gfwlist
-server=/.thinkingtaiwan.com/127.0.0.1#5353
-ipset=/.thinkingtaiwan.com/gfwlist
-server=/.thinkwithgoogle.com/127.0.0.1#5353
-ipset=/.thinkwithgoogle.com/gfwlist
-server=/.thisav.com/127.0.0.1#5353
-ipset=/.thisav.com/gfwlist
-server=/.thomasbernhard.org/127.0.0.1#5353
-ipset=/.thomasbernhard.org/gfwlist
-server=/.threatchaos.com/127.0.0.1#5353
-ipset=/.threatchaos.com/gfwlist
-server=/.throughnightsfire.com/127.0.0.1#5353
-ipset=/.throughnightsfire.com/gfwlist
-server=/.thumbzilla.com/127.0.0.1#5353
-ipset=/.thumbzilla.com/gfwlist
-server=/.thywords.com/127.0.0.1#5353
-ipset=/.thywords.com/gfwlist
-server=/.tiananmenduizhi.com/127.0.0.1#5353
-ipset=/.tiananmenduizhi.com/gfwlist
-server=/.tiananmenmother.org/127.0.0.1#5353
-ipset=/.tiananmenmother.org/gfwlist
-server=/.tiananmenuniv.com/127.0.0.1#5353
-ipset=/.tiananmenuniv.com/gfwlist
-server=/.tiananmenuniv.net/127.0.0.1#5353
-ipset=/.tiananmenuniv.net/gfwlist
-server=/.tiandixing.org/127.0.0.1#5353
-ipset=/.tiandixing.org/gfwlist
-server=/.tianhuayuan.com/127.0.0.1#5353
-ipset=/.tianhuayuan.com/gfwlist
-server=/.tianlawoffice.com/127.0.0.1#5353
-ipset=/.tianlawoffice.com/gfwlist
-server=/.tiantibooks.org/127.0.0.1#5353
-ipset=/.tiantibooks.org/gfwlist
-server=/.tianzhu.org/127.0.0.1#5353
-ipset=/.tianzhu.org/gfwlist
-server=/.tibet.a.se/127.0.0.1#5353
-ipset=/.tibet.a.se/gfwlist
-server=/.tibet.at/127.0.0.1#5353
-ipset=/.tibet.at/gfwlist
-server=/.tibet.ca/127.0.0.1#5353
-ipset=/.tibet.ca/gfwlist
-server=/.tibet.com/127.0.0.1#5353
-ipset=/.tibet.com/gfwlist
-server=/.tibet.fr/127.0.0.1#5353
-ipset=/.tibet.fr/gfwlist
-server=/.tibet.net/127.0.0.1#5353
-ipset=/.tibet.net/gfwlist
-server=/.tibet.nu/127.0.0.1#5353
-ipset=/.tibet.nu/gfwlist
-server=/.tibet.org/127.0.0.1#5353
-ipset=/.tibet.org/gfwlist
-server=/.tibetaction.net/127.0.0.1#5353
-ipset=/.tibetaction.net/gfwlist
-server=/.tibetaid.org/127.0.0.1#5353
-ipset=/.tibetaid.org/gfwlist
-server=/.tibetalk.com/127.0.0.1#5353
-ipset=/.tibetalk.com/gfwlist
-server=/.tibetan.fr/127.0.0.1#5353
-ipset=/.tibetan.fr/gfwlist
-server=/.tibetan-alliance.org/127.0.0.1#5353
-ipset=/.tibetan-alliance.org/gfwlist
-server=/.tibetanarts.org/127.0.0.1#5353
-ipset=/.tibetanarts.org/gfwlist
-server=/.tibetanculture.org/127.0.0.1#5353
-ipset=/.tibetanculture.org/gfwlist
-server=/.tibetanliberation.org/127.0.0.1#5353
-ipset=/.tibetanliberation.org/gfwlist
-server=/.tibetanpaintings.com/127.0.0.1#5353
-ipset=/.tibetanpaintings.com/gfwlist
-server=/.tibetanphotoproject.com/127.0.0.1#5353
-ipset=/.tibetanphotoproject.com/gfwlist
-server=/.tibetanpoliticalreview.org/127.0.0.1#5353
-ipset=/.tibetanpoliticalreview.org/gfwlist
-server=/.tibetanreview.net/127.0.0.1#5353
-ipset=/.tibetanreview.net/gfwlist
-server=/.tibetanwomen.org/127.0.0.1#5353
-ipset=/.tibetanwomen.org/gfwlist
-server=/.tibetanyouthcongress.org/127.0.0.1#5353
-ipset=/.tibetanyouthcongress.org/gfwlist
-server=/.tibetcharity.dk/127.0.0.1#5353
-ipset=/.tibetcharity.dk/gfwlist
-server=/.tibetcharity.in/127.0.0.1#5353
-ipset=/.tibetcharity.in/gfwlist
-server=/.tibetcity.com/127.0.0.1#5353
-ipset=/.tibetcity.com/gfwlist
-server=/.tibetcollection.com/127.0.0.1#5353
-ipset=/.tibetcollection.com/gfwlist
-server=/.tibetcorps.org/127.0.0.1#5353
-ipset=/.tibetcorps.org/gfwlist
-server=/.tibetexpress.net/127.0.0.1#5353
-ipset=/.tibetexpress.net/gfwlist
-server=/.tibetfocus.com/127.0.0.1#5353
-ipset=/.tibetfocus.com/gfwlist
-server=/.tibet-foundation.org/127.0.0.1#5353
-ipset=/.tibet-foundation.org/gfwlist
-server=/.tibetfund.org/127.0.0.1#5353
-ipset=/.tibetfund.org/gfwlist
-server=/.tibethouse.jp/127.0.0.1#5353
-ipset=/.tibethouse.jp/gfwlist
-server=/.tibethouse.org/127.0.0.1#5353
-ipset=/.tibethouse.org/gfwlist
-server=/.tibethouse.us/127.0.0.1#5353
-ipset=/.tibethouse.us/gfwlist
-server=/.tibet-house-trust.co.uk/127.0.0.1#5353
-ipset=/.tibet-house-trust.co.uk/gfwlist
-server=/.tibet-info.net/127.0.0.1#5353
-ipset=/.tibet-info.net/gfwlist
-server=/.tibet-initiative.de/127.0.0.1#5353
-ipset=/.tibet-initiative.de/gfwlist
-server=/.tibetjustice.org/127.0.0.1#5353
-ipset=/.tibetjustice.org/gfwlist
-server=/.tibet-munich.de/127.0.0.1#5353
-ipset=/.tibet-munich.de/gfwlist
-server=/.tibetmuseum.org/127.0.0.1#5353
-ipset=/.tibetmuseum.org/gfwlist
-server=/.tibetnetwork.org/127.0.0.1#5353
-ipset=/.tibetnetwork.org/gfwlist
-server=/.tibetoffice.ch/127.0.0.1#5353
-ipset=/.tibetoffice.ch/gfwlist
-server=/.tibetoffice.com.au/127.0.0.1#5353
-ipset=/.tibetoffice.com.au/gfwlist
-server=/.tibetoffice.eu/127.0.0.1#5353
-ipset=/.tibetoffice.eu/gfwlist
-server=/.tibetoffice.org/127.0.0.1#5353
-ipset=/.tibetoffice.org/gfwlist
-server=/.tibetonline.com/127.0.0.1#5353
-ipset=/.tibetonline.com/gfwlist
-server=/.tibetonline.tv/127.0.0.1#5353
-ipset=/.tibetonline.tv/gfwlist
-server=/.tibetoralhistory.org/127.0.0.1#5353
-ipset=/.tibetoralhistory.org/gfwlist
-server=/.tibetpolicy.eu/127.0.0.1#5353
-ipset=/.tibetpolicy.eu/gfwlist
-server=/.tibetrelieffund.co.uk/127.0.0.1#5353
-ipset=/.tibetrelieffund.co.uk/gfwlist
-server=/.tibetsites.com/127.0.0.1#5353
-ipset=/.tibetsites.com/gfwlist
-server=/.tibetsociety.com/127.0.0.1#5353
-ipset=/.tibetsociety.com/gfwlist
-server=/.tibetsun.com/127.0.0.1#5353
-ipset=/.tibetsun.com/gfwlist
-server=/.tibettimes.net/127.0.0.1#5353
-ipset=/.tibettimes.net/gfwlist
-server=/.tibetwrites.org/127.0.0.1#5353
-ipset=/.tibetwrites.org/gfwlist
-server=/.time.com/127.0.0.1#5353
-ipset=/.time.com/gfwlist
-server=/.times.hinet.net/127.0.0.1#5353
-ipset=/.times.hinet.net/gfwlist
-server=/.timesofindia.indiatimes.com/127.0.0.1#5353
-ipset=/.timesofindia.indiatimes.com/gfwlist
-server=/.tiny.cc/127.0.0.1#5353
-ipset=/.tiny.cc/gfwlist
-server=/.tinychat.com/127.0.0.1#5353
-ipset=/.tinychat.com/gfwlist
-server=/.tinypaste.com/127.0.0.1#5353
-ipset=/.tinypaste.com/gfwlist
-server=/.tistory.com/127.0.0.1#5353
-ipset=/.tistory.com/gfwlist
-server=/.tkcs-collins.com/127.0.0.1#5353
-ipset=/.tkcs-collins.com/gfwlist
-server=/.tkforum.tk/127.0.0.1#5353
-ipset=/.tkforum.tk/gfwlist
-server=/.tl.gd/127.0.0.1#5353
-ipset=/.tl.gd/gfwlist
-server=/.tma.co.jp/127.0.0.1#5353
-ipset=/.tma.co.jp/gfwlist
-server=/.tmagazine.com/127.0.0.1#5353
-ipset=/.tmagazine.com/gfwlist
-server=/.tmi.me/127.0.0.1#5353
-ipset=/.tmi.me/gfwlist
-server=/.tnaflix.com/127.0.0.1#5353
-ipset=/.tnaflix.com/gfwlist
-server=/.tnp.org/127.0.0.1#5353
-ipset=/.tnp.org/gfwlist
-server=/.togetter.com/127.0.0.1#5353
-ipset=/.togetter.com/gfwlist
-server=/.tokyo-247.com/127.0.0.1#5353
-ipset=/.tokyo-247.com/gfwlist
-server=/.tokyocn.com/127.0.0.1#5353
-ipset=/.tokyocn.com/gfwlist
-server=/.tokyo-hot.com/127.0.0.1#5353
-ipset=/.tokyo-hot.com/gfwlist
-server=/.tomayko.com/127.0.0.1#5353
-ipset=/.tomayko.com/gfwlist
-server=/.tongil.or.kr/127.0.0.1#5353
-ipset=/.tongil.or.kr/gfwlist
-server=/.tono-oka.jp/127.0.0.1#5353
-ipset=/.tono-oka.jp/gfwlist
-server=/.tonyyan.net/127.0.0.1#5353
-ipset=/.tonyyan.net/gfwlist
-server=/.toodoc.com/127.0.0.1#5353
-ipset=/.toodoc.com/gfwlist
-server=/.toonel.net/127.0.0.1#5353
-ipset=/.toonel.net/gfwlist
-server=/.top81.ws/127.0.0.1#5353
-ipset=/.top81.ws/gfwlist
-server=/.topnews.in/127.0.0.1#5353
-ipset=/.topnews.in/gfwlist
-server=/.to-porno.com/127.0.0.1#5353
-ipset=/.to-porno.com/gfwlist
-server=/.topshare.us/127.0.0.1#5353
-ipset=/.topshare.us/gfwlist
-server=/.topshareware.com/127.0.0.1#5353
-ipset=/.topshareware.com/gfwlist
-server=/.topstyle4.com/127.0.0.1#5353
-ipset=/.topstyle4.com/gfwlist
-server=/.topsy.com/127.0.0.1#5353
-ipset=/.topsy.com/gfwlist
-server=/.toptip.ca/127.0.0.1#5353
-ipset=/.toptip.ca/gfwlist
-server=/.tor.blingblingsquad.net/127.0.0.1#5353
-ipset=/.tor.blingblingsquad.net/gfwlist
-server=/.tor.cn.uptodown.com/127.0.0.1#5353
-ipset=/.tor.cn.uptodown.com/gfwlist
-server=/.tor.updatestar.com/127.0.0.1#5353
-ipset=/.tor.updatestar.com/gfwlist
-server=/.tora.to/127.0.0.1#5353
-ipset=/.tora.to/gfwlist
-server=/.torcn.com/127.0.0.1#5353
-ipset=/.torcn.com/gfwlist
-server=/.torguard.net/127.0.0.1#5353
-ipset=/.torguard.net/gfwlist
-server=/.torproject.org/127.0.0.1#5353
-ipset=/.torproject.org/gfwlist
-server=/.torrentcrazy.com/127.0.0.1#5353
-ipset=/.torrentcrazy.com/gfwlist
-server=/.torrentkitty.com/127.0.0.1#5353
-ipset=/.torrentkitty.com/gfwlist
-server=/.torrentkitty.net/127.0.0.1#5353
-ipset=/.torrentkitty.net/gfwlist
-server=/.torrentprivacy.com/127.0.0.1#5353
-ipset=/.torrentprivacy.com/gfwlist
-server=/.torrentproject.se/127.0.0.1#5353
-ipset=/.torrentproject.se/gfwlist
-server=/.torrenty.org/127.0.0.1#5353
-ipset=/.torrenty.org/gfwlist
-server=/.torrentz.eu/127.0.0.1#5353
-ipset=/.torrentz.eu/gfwlist
-server=/.torvpn.com/127.0.0.1#5353
-ipset=/.torvpn.com/gfwlist
-server=/.tosh.comedycentral.com/127.0.0.1#5353
-ipset=/.tosh.comedycentral.com/gfwlist
-server=/.toshiba.com/127.0.0.1#5353
-ipset=/.toshiba.com/gfwlist
-server=/.touch99.com/127.0.0.1#5353
-ipset=/.touch99.com/gfwlist
-server=/.toutfr.com/127.0.0.1#5353
-ipset=/.toutfr.com/gfwlist
-server=/.towngain.com/127.0.0.1#5353
-ipset=/.towngain.com/gfwlist
-server=/.tparents.org/127.0.0.1#5353
-ipset=/.tparents.org/gfwlist
-server=/.traffichaus.com/127.0.0.1#5353
-ipset=/.traffichaus.com/gfwlist
-server=/.trans.wenweipo.com/127.0.0.1#5353
-ipset=/.trans.wenweipo.com/gfwlist
-server=/.transgressionism.org/127.0.0.1#5353
-ipset=/.transgressionism.org/gfwlist
-server=/.transparency.org/127.0.0.1#5353
-ipset=/.transparency.org/gfwlist
-server=/.travelinlocal.com/127.0.0.1#5353
-ipset=/.travelinlocal.com/gfwlist
-server=/.trendsmap.com/127.0.0.1#5353
-ipset=/.trendsmap.com/gfwlist
-server=/.trialofccp.org/127.0.0.1#5353
-ipset=/.trialofccp.org/gfwlist
-server=/.tripod.com/127.0.0.1#5353
-ipset=/.tripod.com/gfwlist
-server=/.trouw.nl/127.0.0.1#5353
-ipset=/.trouw.nl/gfwlist
-server=/.trt.net.tr/127.0.0.1#5353
-ipset=/.trt.net.tr/gfwlist
-server=/.truebuddha-md.org/127.0.0.1#5353
-ipset=/.truebuddha-md.org/gfwlist
-server=/.trulyergonomic.com/127.0.0.1#5353
-ipset=/.trulyergonomic.com/gfwlist
-server=/.trustedbi.com/127.0.0.1#5353
-ipset=/.trustedbi.com/gfwlist
-server=/.truth101.co.tv/127.0.0.1#5353
-ipset=/.truth101.co.tv/gfwlist
-server=/.truthcn.com/127.0.0.1#5353
-ipset=/.truthcn.com/gfwlist
-server=/.truveo.com/127.0.0.1#5353
-ipset=/.truveo.com/gfwlist
-server=/.tsctv.net/127.0.0.1#5353
-ipset=/.tsctv.net/gfwlist
-server=/.tsdr.uspto.gov/127.0.0.1#5353
-ipset=/.tsdr.uspto.gov/gfwlist
-server=/.tsemtulku.com/127.0.0.1#5353
-ipset=/.tsemtulku.com/gfwlist
-server=/.tsquare.tv/127.0.0.1#5353
-ipset=/.tsquare.tv/gfwlist
-server=/.tsunagarumon.com/127.0.0.1#5353
-ipset=/.tsunagarumon.com/gfwlist
-server=/.tt1069.com/127.0.0.1#5353
-ipset=/.tt1069.com/gfwlist
-server=/.tt-rss.org/127.0.0.1#5353
-ipset=/.tt-rss.org/gfwlist
-server=/.tttan.com/127.0.0.1#5353
-ipset=/.tttan.com/gfwlist
-server=/.tu8964.com/127.0.0.1#5353
-ipset=/.tu8964.com/gfwlist
-server=/.tuanzt.com/127.0.0.1#5353
-ipset=/.tuanzt.com/gfwlist
-server=/.tube.com/127.0.0.1#5353
-ipset=/.tube.com/gfwlist
-server=/.tube8.com/127.0.0.1#5353
-ipset=/.tube8.com/gfwlist
-server=/.tube911.com/127.0.0.1#5353
-ipset=/.tube911.com/gfwlist
-server=/.tubecao.com/127.0.0.1#5353
-ipset=/.tubecao.com/gfwlist
-server=/.tubecup.com/127.0.0.1#5353
-ipset=/.tubecup.com/gfwlist
-server=/.tubewolf.com/127.0.0.1#5353
-ipset=/.tubewolf.com/gfwlist
-server=/.tui.orzdream.com/127.0.0.1#5353
-ipset=/.tui.orzdream.com/gfwlist
-server=/.tuidang.net/127.0.0.1#5353
-ipset=/.tuidang.net/gfwlist
-server=/.tuidang.org/127.0.0.1#5353
-ipset=/.tuidang.org/gfwlist
-server=/.tuidang.se/127.0.0.1#5353
-ipset=/.tuidang.se/gfwlist
-server=/.tuitwit.com/127.0.0.1#5353
-ipset=/.tuitwit.com/gfwlist
-server=/.tumblr.com/127.0.0.1#5353
-ipset=/.tumblr.com/gfwlist
-server=/.tumutanzi.com/127.0.0.1#5353
-ipset=/.tumutanzi.com/gfwlist
-server=/.tunein.com/127.0.0.1#5353
-ipset=/.tunein.com/gfwlist
-server=/.tunnelbear.com/127.0.0.1#5353
-ipset=/.tunnelbear.com/gfwlist
-server=/.tuo8.cc/127.0.0.1#5353
-ipset=/.tuo8.cc/gfwlist
-server=/.tuo8.hk/127.0.0.1#5353
-ipset=/.tuo8.hk/gfwlist
-server=/.tuo8.org/127.0.0.1#5353
-ipset=/.tuo8.org/gfwlist
-server=/.turbobit.net/127.0.0.1#5353
-ipset=/.turbobit.net/gfwlist
-server=/.turbotwitter.com/127.0.0.1#5353
-ipset=/.turbotwitter.com/gfwlist
-server=/.turningtorso.com/127.0.0.1#5353
-ipset=/.turningtorso.com/gfwlist
-server=/.turntable.fm/127.0.0.1#5353
-ipset=/.turntable.fm/gfwlist
-server=/.tuxtraining.com/127.0.0.1#5353
-ipset=/.tuxtraining.com/gfwlist
-server=/.tuzaijidi.com/127.0.0.1#5353
-ipset=/.tuzaijidi.com/gfwlist
-server=/.tv.com/127.0.0.1#5353
-ipset=/.tv.com/gfwlist
-server=/.tvants.com/127.0.0.1#5353
-ipset=/.tvants.com/gfwlist
-server=/.tvboxnow.com/127.0.0.1#5353
-ipset=/.tvboxnow.com/gfwlist
-server=/.tvider.com/127.0.0.1#5353
-ipset=/.tvider.com/gfwlist
-server=/.tv-intros.com/127.0.0.1#5353
-ipset=/.tv-intros.com/gfwlist
-server=/.tvunetworks.com/127.0.0.1#5353
-ipset=/.tvunetworks.com/gfwlist
-server=/.tw/127.0.0.1#5353
-ipset=/.tw/gfwlist
-server=/.tw.gigacircle.com/127.0.0.1#5353
-ipset=/.tw.gigacircle.com/gfwlist
-server=/.tw.hao123.com/127.0.0.1#5353
-ipset=/.tw.hao123.com/gfwlist
-server=/.tw.jiepang.com/127.0.0.1#5353
-ipset=/.tw.jiepang.com/gfwlist
-server=/.tw.knowledge.yahoo.com/127.0.0.1#5353
-ipset=/.tw.knowledge.yahoo.com/gfwlist
-server=/.tw.myblog.yahoo.com/127.0.0.1#5353
-ipset=/.tw.myblog.yahoo.com/gfwlist
-server=/.tw.news.yahoo.com/127.0.0.1#5353
-ipset=/.tw.news.yahoo.com/gfwlist
-server=/.tw.streetvoice.com/127.0.0.1#5353
-ipset=/.tw.streetvoice.com/gfwlist
-server=/.tw.tomonews.net/127.0.0.1#5353
-ipset=/.tw.tomonews.net/gfwlist
-server=/.tw.voa.mobi/127.0.0.1#5353
-ipset=/.tw.voa.mobi/gfwlist
-server=/.tw.yahoo.com/127.0.0.1#5353
-ipset=/.tw.yahoo.com/gfwlist
-server=/.tw01.org/127.0.0.1#5353
-ipset=/.tw01.org/gfwlist
-server=/.twapperkeeper.com/127.0.0.1#5353
-ipset=/.twapperkeeper.com/gfwlist
-server=/.twaud.io/127.0.0.1#5353
-ipset=/.twaud.io/gfwlist
-server=/.twbbs.org/127.0.0.1#5353
-ipset=/.twbbs.org/gfwlist
-server=/.twblogger.com/127.0.0.1#5353
-ipset=/.twblogger.com/gfwlist
-server=/.tweepguide.com/127.0.0.1#5353
-ipset=/.tweepguide.com/gfwlist
-server=/.tweeplike.me/127.0.0.1#5353
-ipset=/.tweeplike.me/gfwlist
-server=/.tweepmag.com/127.0.0.1#5353
-ipset=/.tweepmag.com/gfwlist
-server=/.tweepml.org/127.0.0.1#5353
-ipset=/.tweepml.org/gfwlist
-server=/.tweetbackup.com/127.0.0.1#5353
-ipset=/.tweetbackup.com/gfwlist
-server=/.tweetboard.com/127.0.0.1#5353
-ipset=/.tweetboard.com/gfwlist
-server=/.tweetboner.biz/127.0.0.1#5353
-ipset=/.tweetboner.biz/gfwlist
-server=/.tweetdeck.com/127.0.0.1#5353
-ipset=/.tweetdeck.com/gfwlist
-server=/.tweetedtimes.com/127.0.0.1#5353
-ipset=/.tweetedtimes.com/gfwlist
-server=/.tweetmylast.fm/127.0.0.1#5353
-ipset=/.tweetmylast.fm/gfwlist
-server=/.tweetphoto.com/127.0.0.1#5353
-ipset=/.tweetphoto.com/gfwlist
-server=/.tweetrans.com/127.0.0.1#5353
-ipset=/.tweetrans.com/gfwlist
-server=/.tweetree.com/127.0.0.1#5353
-ipset=/.tweetree.com/gfwlist
-server=/.tweets.seraph.me/127.0.0.1#5353
-ipset=/.tweets.seraph.me/gfwlist
-server=/.tweettunnel.com/127.0.0.1#5353
-ipset=/.tweettunnel.com/gfwlist
-server=/.tweetwally.com/127.0.0.1#5353
-ipset=/.tweetwally.com/gfwlist
-server=/.tweetymail.com/127.0.0.1#5353
-ipset=/.tweetymail.com/gfwlist
-server=/.twerkingbutt.com/127.0.0.1#5353
-ipset=/.twerkingbutt.com/gfwlist
-server=/.twftp.org/127.0.0.1#5353
-ipset=/.twftp.org/gfwlist
-server=/.twibase.com/127.0.0.1#5353
-ipset=/.twibase.com/gfwlist
-server=/.twibble.de/127.0.0.1#5353
-ipset=/.twibble.de/gfwlist
-server=/.twibbon.com/127.0.0.1#5353
-ipset=/.twibbon.com/gfwlist
-server=/.twibs.com/127.0.0.1#5353
-ipset=/.twibs.com/gfwlist
-server=/.twicsy.com/127.0.0.1#5353
-ipset=/.twicsy.com/gfwlist
-server=/.twifan.com/127.0.0.1#5353
-ipset=/.twifan.com/gfwlist
-server=/.twiffo.com/127.0.0.1#5353
-ipset=/.twiffo.com/gfwlist
-server=/.twiggit.org/127.0.0.1#5353
-ipset=/.twiggit.org/gfwlist
-server=/.twilightsex.com/127.0.0.1#5353
-ipset=/.twilightsex.com/gfwlist
-server=/.twilog.org/127.0.0.1#5353
-ipset=/.twilog.org/gfwlist
-server=/.twimbow.com/127.0.0.1#5353
-ipset=/.twimbow.com/gfwlist
-server=/.twimg.com/127.0.0.1#5353
-ipset=/.twimg.com/gfwlist
-server=/.twindexx.com/127.0.0.1#5353
-ipset=/.twindexx.com/gfwlist
-server=/.twip.me/127.0.0.1#5353
-ipset=/.twip.me/gfwlist
-server=/.twipple.jp/127.0.0.1#5353
-ipset=/.twipple.jp/gfwlist
-server=/.twistar.cc/127.0.0.1#5353
-ipset=/.twistar.cc/gfwlist
-server=/.twister.net.co/127.0.0.1#5353
-ipset=/.twister.net.co/gfwlist
-server=/.twisterio.com/127.0.0.1#5353
-ipset=/.twisterio.com/gfwlist
-server=/.twisternow.com/127.0.0.1#5353
-ipset=/.twisternow.com/gfwlist
-server=/.twistory.net/127.0.0.1#5353
-ipset=/.twistory.net/gfwlist
-server=/.twit2d.com/127.0.0.1#5353
-ipset=/.twit2d.com/gfwlist
-server=/.twitbrowser.net/127.0.0.1#5353
-ipset=/.twitbrowser.net/gfwlist
-server=/.twitcause.com/127.0.0.1#5353
-ipset=/.twitcause.com/gfwlist
-server=/.twitgether.com/127.0.0.1#5353
-ipset=/.twitgether.com/gfwlist
-server=/.twitgoo.com/127.0.0.1#5353
-ipset=/.twitgoo.com/gfwlist
-server=/.twitiq.com/127.0.0.1#5353
-ipset=/.twitiq.com/gfwlist
-server=/.twitlonger.com/127.0.0.1#5353
-ipset=/.twitlonger.com/gfwlist
-server=/.twitoaster.com/127.0.0.1#5353
-ipset=/.twitoaster.com/gfwlist
-server=/.twitonmsn.com/127.0.0.1#5353
-ipset=/.twitonmsn.com/gfwlist
-server=/.twitpic.com/127.0.0.1#5353
-ipset=/.twitpic.com/gfwlist
-server=/.twitstat.com/127.0.0.1#5353
-ipset=/.twitstat.com/gfwlist
-server=/.twittbot.net/127.0.0.1#5353
-ipset=/.twittbot.net/gfwlist
-server=/.twitter.com/127.0.0.1#5353
-ipset=/.twitter.com/gfwlist
-server=/.twitter.jp/127.0.0.1#5353
-ipset=/.twitter.jp/gfwlist
-server=/.twitter4j.org/127.0.0.1#5353
-ipset=/.twitter4j.org/gfwlist
-server=/.twittercounter.com/127.0.0.1#5353
-ipset=/.twittercounter.com/gfwlist
-server=/.twitterfeed.com/127.0.0.1#5353
-ipset=/.twitterfeed.com/gfwlist
-server=/.twittergadget.com/127.0.0.1#5353
-ipset=/.twittergadget.com/gfwlist
-server=/.twitterkr.com/127.0.0.1#5353
-ipset=/.twitterkr.com/gfwlist
-server=/.twittermail.com/127.0.0.1#5353
-ipset=/.twittermail.com/gfwlist
-server=/.twittertim.es/127.0.0.1#5353
-ipset=/.twittertim.es/gfwlist
-server=/.twitthat.com/127.0.0.1#5353
-ipset=/.twitthat.com/gfwlist
-server=/.twitturk.com/127.0.0.1#5353
-ipset=/.twitturk.com/gfwlist
-server=/.twitturly.com/127.0.0.1#5353
-ipset=/.twitturly.com/gfwlist
-server=/.twitvid.com/127.0.0.1#5353
-ipset=/.twitvid.com/gfwlist
-server=/.twitzap.com/127.0.0.1#5353
-ipset=/.twitzap.com/gfwlist
-server=/.twiyia.com/127.0.0.1#5353
-ipset=/.twiyia.com/gfwlist
-server=/.tw-npo.org/127.0.0.1#5353
-ipset=/.tw-npo.org/gfwlist
-server=/.twstar.net/127.0.0.1#5353
-ipset=/.twstar.net/gfwlist
-server=/.twt.fm/127.0.0.1#5353
-ipset=/.twt.fm/gfwlist
-server=/.twt.tl/127.0.0.1#5353
-ipset=/.twt.tl/gfwlist
-server=/.twtkr.com/127.0.0.1#5353
-ipset=/.twtkr.com/gfwlist
-server=/.twtr2src.ogaoga.org/127.0.0.1#5353
-ipset=/.twtr2src.ogaoga.org/gfwlist
-server=/.twtrland.com/127.0.0.1#5353
-ipset=/.twtrland.com/gfwlist
-server=/.twttr.com/127.0.0.1#5353
-ipset=/.twttr.com/gfwlist
-server=/.twurl.nl/127.0.0.1#5353
-ipset=/.twurl.nl/gfwlist
-server=/.twyac.org/127.0.0.1#5353
-ipset=/.twyac.org/gfwlist
-server=/.tycool.com/127.0.0.1#5353
-ipset=/.tycool.com/gfwlist
-server=/.typepad.com/127.0.0.1#5353
-ipset=/.typepad.com/gfwlist
-server=/.tzangms.com/127.0.0.1#5353
-ipset=/.tzangms.com/gfwlist
-server=/.ub0.cc/127.0.0.1#5353
-ipset=/.ub0.cc/gfwlist
-server=/.uberproxy.net/127.0.0.1#5353
-ipset=/.uberproxy.net/gfwlist
-server=/.ucdc1998.org/127.0.0.1#5353
-ipset=/.ucdc1998.org/gfwlist
-server=/.uchicago.edu/127.0.0.1#5353
-ipset=/.uchicago.edu/gfwlist
-server=/.uc-japan.org/127.0.0.1#5353
-ipset=/.uc-japan.org/gfwlist
-server=/.uderzo.it/127.0.0.1#5353
-ipset=/.uderzo.it/gfwlist
-server=/.udn.com/127.0.0.1#5353
-ipset=/.udn.com/gfwlist
-server=/.udnbkk.com/127.0.0.1#5353
-ipset=/.udnbkk.com/gfwlist
-server=/.ufreevpn.com/127.0.0.1#5353
-ipset=/.ufreevpn.com/gfwlist
-server=/.ugo.com/127.0.0.1#5353
-ipset=/.ugo.com/gfwlist
-server=/.uhrp.org/127.0.0.1#5353
-ipset=/.uhrp.org/gfwlist
-server=/.uighur.nl/127.0.0.1#5353
-ipset=/.uighur.nl/gfwlist
-server=/.uighurbiz.net/127.0.0.1#5353
-ipset=/.uighurbiz.net/gfwlist
-server=/.ukcdp.co.uk/127.0.0.1#5353
-ipset=/.ukcdp.co.uk/gfwlist
-server=/.ukliferadio.co.uk/127.0.0.1#5353
-ipset=/.ukliferadio.co.uk/gfwlist
-server=/.ulike.net/127.0.0.1#5353
-ipset=/.ulike.net/gfwlist
-server=/.ultraimg.com/127.0.0.1#5353
-ipset=/.ultraimg.com/gfwlist
-server=/.ultravpn.fr/127.0.0.1#5353
-ipset=/.ultravpn.fr/gfwlist
-server=/.ultraxs.com/127.0.0.1#5353
-ipset=/.ultraxs.com/gfwlist
-server=/.umich.edu/127.0.0.1#5353
-ipset=/.umich.edu/gfwlist
-server=/.unblock.cn.com/127.0.0.1#5353
-ipset=/.unblock.cn.com/gfwlist
-server=/.unblocksit.es/127.0.0.1#5353
-ipset=/.unblocksit.es/gfwlist
-server=/.unblock-us.com/127.0.0.1#5353
-ipset=/.unblock-us.com/gfwlist
-server=/.uncyclomedia.org/127.0.0.1#5353
-ipset=/.uncyclomedia.org/gfwlist
-server=/.uncyclopedia.hk/127.0.0.1#5353
-ipset=/.uncyclopedia.hk/gfwlist
-server=/.unholyknight.com/127.0.0.1#5353
-ipset=/.unholyknight.com/gfwlist
-server=/.uni.cc/127.0.0.1#5353
-ipset=/.uni.cc/gfwlist
-server=/.unicode.org/127.0.0.1#5353
-ipset=/.unicode.org/gfwlist
-server=/.uniteddaily.com.my/127.0.0.1#5353
-ipset=/.uniteddaily.com.my/gfwlist
-server=/.unitedsocialpress.com/127.0.0.1#5353
-ipset=/.unitedsocialpress.com/gfwlist
-server=/.unix100.com/127.0.0.1#5353
-ipset=/.unix100.com/gfwlist
-server=/.unknownspace.org/127.0.0.1#5353
-ipset=/.unknownspace.org/gfwlist
-server=/.unpo.org/127.0.0.1#5353
-ipset=/.unpo.org/gfwlist
-server=/.untraceable.us/127.0.0.1#5353
-ipset=/.untraceable.us/gfwlist
-server=/.uocn.org/127.0.0.1#5353
-ipset=/.uocn.org/gfwlist
-server=/.upcoming.yahoo.com/127.0.0.1#5353
-ipset=/.upcoming.yahoo.com/gfwlist
-server=/.upholdjustice.org/127.0.0.1#5353
-ipset=/.upholdjustice.org/gfwlist
-server=/.upload4u.info/127.0.0.1#5353
-ipset=/.upload4u.info/gfwlist
-server=/.uploaded.net/127.0.0.1#5353
-ipset=/.uploaded.net/gfwlist
-server=/.uploaded.to/127.0.0.1#5353
-ipset=/.uploaded.to/gfwlist
-server=/.uploadstation.com/127.0.0.1#5353
-ipset=/.uploadstation.com/gfwlist
-server=/.upornia.com/127.0.0.1#5353
-ipset=/.upornia.com/gfwlist
-server=/.upwill.org/127.0.0.1#5353
-ipset=/.upwill.org/gfwlist
-server=/.urbansurvival.com/127.0.0.1#5353
-ipset=/.urbansurvival.com/gfwlist
-server=/.urlborg.com/127.0.0.1#5353
-ipset=/.urlborg.com/gfwlist
-server=/.urlparser.com/127.0.0.1#5353
-ipset=/.urlparser.com/gfwlist
-server=/.us.to/127.0.0.1#5353
-ipset=/.us.to/gfwlist
-server=/.usacn.com/127.0.0.1#5353
-ipset=/.usacn.com/gfwlist
-server=/.usaip.eu/127.0.0.1#5353
-ipset=/.usaip.eu/gfwlist
-server=/.userapi.nytlog.com/127.0.0.1#5353
-ipset=/.userapi.nytlog.com/gfwlist
-server=/.users.skynet.be/127.0.0.1#5353
-ipset=/.users.skynet.be/gfwlist
-server=/.usfk.mil/127.0.0.1#5353
-ipset=/.usfk.mil/gfwlist
-server=/.usinfo.state.gov/127.0.0.1#5353
-ipset=/.usinfo.state.gov/gfwlist
-server=/.usma.edu/127.0.0.1#5353
-ipset=/.usma.edu/gfwlist
-server=/.usmc.mil/127.0.0.1#5353
-ipset=/.usmc.mil/gfwlist
-server=/.usmgtcg.ning.com/127.0.0.1#5353
-ipset=/.usmgtcg.ning.com/gfwlist
-server=/.usno.navy.mil/127.0.0.1#5353
-ipset=/.usno.navy.mil/gfwlist
-server=/.ustream.tv/127.0.0.1#5353
-ipset=/.ustream.tv/gfwlist
-server=/.usus.cc/127.0.0.1#5353
-ipset=/.usus.cc/gfwlist
-server=/.utopianpal.com/127.0.0.1#5353
-ipset=/.utopianpal.com/gfwlist
-server=/.uwants.com/127.0.0.1#5353
-ipset=/.uwants.com/gfwlist
-server=/.uwants.net/127.0.0.1#5353
-ipset=/.uwants.net/gfwlist
-server=/.uyghur.co.uk/127.0.0.1#5353
-ipset=/.uyghur.co.uk/gfwlist
-server=/.uyghuramerican.org/127.0.0.1#5353
-ipset=/.uyghuramerican.org/gfwlist
-server=/.uyghurcanadiansociety.org/127.0.0.1#5353
-ipset=/.uyghurcanadiansociety.org/gfwlist
-server=/.uyghurcongress.org/127.0.0.1#5353
-ipset=/.uyghurcongress.org/gfwlist
-server=/.uyghurensemble.co.uk/127.0.0.1#5353
-ipset=/.uyghurensemble.co.uk/gfwlist
-server=/.uyghur-j.org/127.0.0.1#5353
-ipset=/.uyghur-j.org/gfwlist
-server=/.uyghurpen.org/127.0.0.1#5353
-ipset=/.uyghurpen.org/gfwlist
-server=/.uyghurpress.com/127.0.0.1#5353
-ipset=/.uyghurpress.com/gfwlist
-server=/.uygur.fc2web.com/127.0.0.1#5353
-ipset=/.uygur.fc2web.com/gfwlist
-server=/.uygur.org/127.0.0.1#5353
-ipset=/.uygur.org/gfwlist
-server=/.uymaarip.com/127.0.0.1#5353
-ipset=/.uymaarip.com/gfwlist
-server=/.vaayoo.com/127.0.0.1#5353
-ipset=/.vaayoo.com/gfwlist
-server=/.van001.com/127.0.0.1#5353
-ipset=/.van001.com/gfwlist
-server=/.van698.com/127.0.0.1#5353
-ipset=/.van698.com/gfwlist
-server=/.vanemu.cn/127.0.0.1#5353
-ipset=/.vanemu.cn/gfwlist
-server=/.vanilla-jp.com/127.0.0.1#5353
-ipset=/.vanilla-jp.com/gfwlist
-server=/.vansky.com/127.0.0.1#5353
-ipset=/.vansky.com/gfwlist
-server=/.vatn.org/127.0.0.1#5353
-ipset=/.vatn.org/gfwlist
-server=/.vcfbuilder.org/127.0.0.1#5353
-ipset=/.vcfbuilder.org/gfwlist
-server=/.vcf-online.org/127.0.0.1#5353
-ipset=/.vcf-online.org/gfwlist
-server=/.vds.rightster.com/127.0.0.1#5353
-ipset=/.vds.rightster.com/gfwlist
-server=/.veempiire.com/127.0.0.1#5353
-ipset=/.veempiire.com/gfwlist
-server=/.velkaepocha.sk/127.0.0.1#5353
-ipset=/.velkaepocha.sk/gfwlist
-server=/.venbbs.com/127.0.0.1#5353
-ipset=/.venbbs.com/gfwlist
-server=/.venchina.com/127.0.0.1#5353
-ipset=/.venchina.com/gfwlist
-server=/.ventureswell.com/127.0.0.1#5353
-ipset=/.ventureswell.com/gfwlist
-server=/.veoh.com/127.0.0.1#5353
-ipset=/.veoh.com/gfwlist
-server=/.vermonttibet.org/127.0.0.1#5353
-ipset=/.vermonttibet.org/gfwlist
-server=/.versavpn.com/127.0.0.1#5353
-ipset=/.versavpn.com/gfwlist
-server=/.verybs.com/127.0.0.1#5353
-ipset=/.verybs.com/gfwlist
-server=/.vevo.com/127.0.0.1#5353
-ipset=/.vevo.com/gfwlist
-server=/.viber.com/127.0.0.1#5353
-ipset=/.viber.com/gfwlist
-server=/.vica.info/127.0.0.1#5353
-ipset=/.vica.info/gfwlist
-server=/.victimsofcommunism.org/127.0.0.1#5353
-ipset=/.victimsofcommunism.org/gfwlist
-server=/.vid.me/127.0.0.1#5353
-ipset=/.vid.me/gfwlist
-server=/.video.aol.ca/127.0.0.1#5353
-ipset=/.video.aol.ca/gfwlist
-server=/.video.aol.co.uk/127.0.0.1#5353
-ipset=/.video.aol.co.uk/gfwlist
-server=/.video.aol.com/127.0.0.1#5353
-ipset=/.video.aol.com/gfwlist
-server=/.video.ap.org/127.0.0.1#5353
-ipset=/.video.ap.org/gfwlist
-server=/.video.fdbox.com/127.0.0.1#5353
-ipset=/.video.fdbox.com/gfwlist
-server=/.video.foxbusiness.com/127.0.0.1#5353
-ipset=/.video.foxbusiness.com/gfwlist
-server=/.video.yahoo.com/127.0.0.1#5353
-ipset=/.video.yahoo.com/gfwlist
-server=/.videobam.com/127.0.0.1#5353
-ipset=/.videobam.com/gfwlist
-server=/.videomega.tv/127.0.0.1#5353
-ipset=/.videomega.tv/gfwlist
-server=/.videomo.com/127.0.0.1#5353
-ipset=/.videomo.com/gfwlist
-server=/.videopediaworld.com/127.0.0.1#5353
-ipset=/.videopediaworld.com/gfwlist
-server=/.vidinfo.org/127.0.0.1#5353
-ipset=/.vidinfo.org/gfwlist
-server=/.vidoemo.com/127.0.0.1#5353
-ipset=/.vidoemo.com/gfwlist
-server=/.vietdaikynguyen.com/127.0.0.1#5353
-ipset=/.vietdaikynguyen.com/gfwlist
-server=/.views.fm/127.0.0.1#5353
-ipset=/.views.fm/gfwlist
-server=/.vijayatemple.org/127.0.0.1#5353
-ipset=/.vijayatemple.org/gfwlist
-server=/.viki.com/127.0.0.1#5353
-ipset=/.viki.com/gfwlist
-server=/.vimeo.com/127.0.0.1#5353
-ipset=/.vimeo.com/gfwlist
-server=/.vimgolf.com/127.0.0.1#5353
-ipset=/.vimgolf.com/gfwlist
-server=/.vimperator.org/127.0.0.1#5353
-ipset=/.vimperator.org/gfwlist
-server=/.vincnd.com/127.0.0.1#5353
-ipset=/.vincnd.com/gfwlist
-server=/.vinniev.com/127.0.0.1#5353
-ipset=/.vinniev.com/gfwlist
-server=/.vital247.org/127.0.0.1#5353
-ipset=/.vital247.org/gfwlist
-server=/.vivatube.com/127.0.0.1#5353
-ipset=/.vivatube.com/gfwlist
-server=/.vivthomas.com/127.0.0.1#5353
-ipset=/.vivthomas.com/gfwlist
-server=/.vjmedia.com.hk/127.0.0.1#5353
-ipset=/.vjmedia.com.hk/gfwlist
-server=/.vllcs.org/127.0.0.1#5353
-ipset=/.vllcs.org/gfwlist
-server=/.vlog.xuite.net/127.0.0.1#5353
-ipset=/.vlog.xuite.net/gfwlist
-server=/.vmixcore.com/127.0.0.1#5353
-ipset=/.vmixcore.com/gfwlist
-server=/.vn.hao123.com/127.0.0.1#5353
-ipset=/.vn.hao123.com/gfwlist
-server=/.voa-11.akacast.akamaistream.net/127.0.0.1#5353
-ipset=/.voa-11.akacast.akamaistream.net/gfwlist
-server=/.voacantonese.com/127.0.0.1#5353
-ipset=/.voacantonese.com/gfwlist
-server=/.voachinese.com/127.0.0.1#5353
-ipset=/.voachinese.com/gfwlist
-server=/.voachineseblog.com/127.0.0.1#5353
-ipset=/.voachineseblog.com/gfwlist
-server=/.voagd.com/127.0.0.1#5353
-ipset=/.voagd.com/gfwlist
-server=/.voanews.com/127.0.0.1#5353
-ipset=/.voanews.com/gfwlist
-server=/.voatibetan.com/127.0.0.1#5353
-ipset=/.voatibetan.com/gfwlist
-server=/.voatibetanenglish.com/127.0.0.1#5353
-ipset=/.voatibetanenglish.com/gfwlist
-server=/.vocn.tv/127.0.0.1#5353
-ipset=/.vocn.tv/gfwlist
-server=/.vot.org/127.0.0.1#5353
-ipset=/.vot.org/gfwlist
-server=/.vpn.cjb.net/127.0.0.1#5353
-ipset=/.vpn.cjb.net/gfwlist
-server=/.vpn4all.com/127.0.0.1#5353
-ipset=/.vpn4all.com/gfwlist
-server=/.vpnbook.com/127.0.0.1#5353
-ipset=/.vpnbook.com/gfwlist
-server=/.vpnfan.com/127.0.0.1#5353
-ipset=/.vpnfan.com/gfwlist
-server=/.vpnfire.com/127.0.0.1#5353
-ipset=/.vpnfire.com/gfwlist
-server=/.vpnforgame.net/127.0.0.1#5353
-ipset=/.vpnforgame.net/gfwlist
-server=/.vpngate.jp/127.0.0.1#5353
-ipset=/.vpngate.jp/gfwlist
-server=/.vpngate.net/127.0.0.1#5353
-ipset=/.vpngate.net/gfwlist
-server=/.vpnhq.com/127.0.0.1#5353
-ipset=/.vpnhq.com/gfwlist
-server=/.vpninja.net/127.0.0.1#5353
-ipset=/.vpninja.net/gfwlist
-server=/.vpnmaster.com/127.0.0.1#5353
-ipset=/.vpnmaster.com/gfwlist
-server=/.vpnpick.com/127.0.0.1#5353
-ipset=/.vpnpick.com/gfwlist
-server=/.vpnpop.com/127.0.0.1#5353
-ipset=/.vpnpop.com/gfwlist
-server=/.vpnpronet.com/127.0.0.1#5353
-ipset=/.vpnpronet.com/gfwlist
-server=/.vpnreactor.com/127.0.0.1#5353
-ipset=/.vpnreactor.com/gfwlist
-server=/.vpnreviewz.com/127.0.0.1#5353
-ipset=/.vpnreviewz.com/gfwlist
-server=/.vpntunnel.com/127.0.0.1#5353
-ipset=/.vpntunnel.com/gfwlist
-server=/.vpnuk.info/127.0.0.1#5353
-ipset=/.vpnuk.info/gfwlist
-server=/.vpnvip.com/127.0.0.1#5353
-ipset=/.vpnvip.com/gfwlist
-server=/.vporn.com/127.0.0.1#5353
-ipset=/.vporn.com/gfwlist
-server=/.vraiesagesse.net/127.0.0.1#5353
-ipset=/.vraiesagesse.net/gfwlist
-server=/.vtunnel.com/127.0.0.1#5353
-ipset=/.vtunnel.com/gfwlist
-server=/.w.idaiwan.com/127.0.0.1#5353
-ipset=/.w.idaiwan.com/gfwlist
-server=/.w.org/127.0.0.1#5353
-ipset=/.w.org/gfwlist
-server=/.w3schools.com/127.0.0.1#5353
-ipset=/.w3schools.com/gfwlist
-server=/.waffle1999.com/127.0.0.1#5353
-ipset=/.waffle1999.com/gfwlist
-server=/.wahas.com/127.0.0.1#5353
-ipset=/.wahas.com/gfwlist
-server=/.waigaobu.com/127.0.0.1#5353
-ipset=/.waigaobu.com/gfwlist
-server=/.waikeung.org/127.0.0.1#5353
-ipset=/.waikeung.org/gfwlist
-server=/.waiwaier.com/127.0.0.1#5353
-ipset=/.waiwaier.com/gfwlist
-server=/.wallornot.org/127.0.0.1#5353
-ipset=/.wallornot.org/gfwlist
-server=/.wallpapercasa.com/127.0.0.1#5353
-ipset=/.wallpapercasa.com/gfwlist
-server=/.waltermartin.com/127.0.0.1#5353
-ipset=/.waltermartin.com/gfwlist
-server=/.waltermartin.org/127.0.0.1#5353
-ipset=/.waltermartin.org/gfwlist
-server=/.wanderinghorse.net/127.0.0.1#5353
-ipset=/.wanderinghorse.net/gfwlist
-server=/.wangafu.net/127.0.0.1#5353
-ipset=/.wangafu.net/gfwlist
-server=/.wangjinbo.org/127.0.0.1#5353
-ipset=/.wangjinbo.org/gfwlist
-server=/.wanglixiong.com/127.0.0.1#5353
-ipset=/.wanglixiong.com/gfwlist
-server=/.wango.org/127.0.0.1#5353
-ipset=/.wango.org/gfwlist
-server=/.wangruoshui.net/127.0.0.1#5353
-ipset=/.wangruoshui.net/gfwlist
-server=/.want-daily.com/127.0.0.1#5353
-ipset=/.want-daily.com/gfwlist
-server=/.wanz-factory.com/127.0.0.1#5353
-ipset=/.wanz-factory.com/gfwlist
-server=/.wapedia.mobi/127.0.0.1#5353
-ipset=/.wapedia.mobi/gfwlist
-server=/.waselpro.com/127.0.0.1#5353
-ipset=/.waselpro.com/gfwlist
-server=/.washeng.net/127.0.0.1#5353
-ipset=/.washeng.net/gfwlist
-server=/.watchmygf.net/127.0.0.1#5353
-ipset=/.watchmygf.net/gfwlist
-server=/.wattpad.com/127.0.0.1#5353
-ipset=/.wattpad.com/gfwlist
-server=/.wav.tv/127.0.0.1#5353
-ipset=/.wav.tv/gfwlist
-server=/.wdf5.com/127.0.0.1#5353
-ipset=/.wdf5.com/gfwlist
-server=/.wearn.com/127.0.0.1#5353
-ipset=/.wearn.com/gfwlist
-server=/.web2project.net/127.0.0.1#5353
-ipset=/.web2project.net/gfwlist
-server=/.webbang.net/127.0.0.1#5353
-ipset=/.webbang.net/gfwlist
-server=/.webfee.tk/127.0.0.1#5353
-ipset=/.webfee.tk/gfwlist
-server=/.weblagu.com/127.0.0.1#5353
-ipset=/.weblagu.com/gfwlist
-server=/.webmproject.org/127.0.0.1#5353
-ipset=/.webmproject.org/gfwlist
-server=/.websitepulse.com/127.0.0.1#5353
-ipset=/.websitepulse.com/gfwlist
-server=/.webs-tv.net/127.0.0.1#5353
-ipset=/.webs-tv.net/gfwlist
-server=/.webworkerdaily.com/127.0.0.1#5353
-ipset=/.webworkerdaily.com/gfwlist
-server=/.weekmag.info/127.0.0.1#5353
-ipset=/.weekmag.info/gfwlist
-server=/.wefightcensorship.org/127.0.0.1#5353
-ipset=/.wefightcensorship.org/gfwlist
-server=/.wefong.com/127.0.0.1#5353
-ipset=/.wefong.com/gfwlist
-server=/.weiboleak.com/127.0.0.1#5353
-ipset=/.weiboleak.com/gfwlist
-server=/.weijingsheng.org/127.0.0.1#5353
-ipset=/.weijingsheng.org/gfwlist
-server=/.weiming.info/127.0.0.1#5353
-ipset=/.weiming.info/gfwlist
-server=/.weiquanwang.org/127.0.0.1#5353
-ipset=/.weiquanwang.org/gfwlist
-server=/.weisuo.ws/127.0.0.1#5353
-ipset=/.weisuo.ws/gfwlist
-server=/.wemigrate.org/127.0.0.1#5353
-ipset=/.wemigrate.org/gfwlist
-server=/.wengewang.com/127.0.0.1#5353
-ipset=/.wengewang.com/gfwlist
-server=/.wengewang.org/127.0.0.1#5353
-ipset=/.wengewang.org/gfwlist
-server=/.wenhui.ch/127.0.0.1#5353
-ipset=/.wenhui.ch/gfwlist
-server=/.wenxuecity.com/127.0.0.1#5353
-ipset=/.wenxuecity.com/gfwlist
-server=/.wenyunchao.com/127.0.0.1#5353
-ipset=/.wenyunchao.com/gfwlist
-server=/.wepn.info/127.0.0.1#5353
-ipset=/.wepn.info/gfwlist
-server=/.westca.com/127.0.0.1#5353
-ipset=/.westca.com/gfwlist
-server=/.westernshugdensociety.org/127.0.0.1#5353
-ipset=/.westernshugdensociety.org/gfwlist
-server=/.westernwolves.com/127.0.0.1#5353
-ipset=/.westernwolves.com/gfwlist
-server=/.westkit.net/127.0.0.1#5353
-ipset=/.westkit.net/gfwlist
-server=/.westpoint.edu/127.0.0.1#5353
-ipset=/.westpoint.edu/gfwlist
-server=/.wetplace.com/127.0.0.1#5353
-ipset=/.wetplace.com/gfwlist
-server=/.wetpussygames.com/127.0.0.1#5353
-ipset=/.wetpussygames.com/gfwlist
-server=/.wexiaobo.org/127.0.0.1#5353
-ipset=/.wexiaobo.org/gfwlist
-server=/.wezhiyong.org/127.0.0.1#5353
-ipset=/.wezhiyong.org/gfwlist
-server=/.wezone.net/127.0.0.1#5353
-ipset=/.wezone.net/gfwlist
-server=/.wforum.com/127.0.0.1#5353
-ipset=/.wforum.com/gfwlist
-server=/.whatblocked.com/127.0.0.1#5353
-ipset=/.whatblocked.com/gfwlist
-server=/.wheelockslatin.com/127.0.0.1#5353
-ipset=/.wheelockslatin.com/gfwlist
-server=/.whereiswerner.com/127.0.0.1#5353
-ipset=/.whereiswerner.com/gfwlist
-server=/.wheretowatch.com/127.0.0.1#5353
-ipset=/.wheretowatch.com/gfwlist
-server=/.whippedass.com/127.0.0.1#5353
-ipset=/.whippedass.com/gfwlist
-server=/.whitebear.freebearblog.org/127.0.0.1#5353
-ipset=/.whitebear.freebearblog.org/gfwlist
-server=/.who.is/127.0.0.1#5353
-ipset=/.who.is/gfwlist
-server=/.whylover.com/127.0.0.1#5353
-ipset=/.whylover.com/gfwlist
-server=/.whyx.org/127.0.0.1#5353
-ipset=/.whyx.org/gfwlist
-server=/.wiki.cnitter.com/127.0.0.1#5353
-ipset=/.wiki.cnitter.com/gfwlist
-server=/.wiki.esu.im/127.0.0.1#5353
-ipset=/.wiki.esu.im/gfwlist
-server=/.wiki.gamerp.jp/127.0.0.1#5353
-ipset=/.wiki.gamerp.jp/gfwlist
-server=/.wiki.jqueryui.com/127.0.0.1#5353
-ipset=/.wiki.jqueryui.com/gfwlist
-server=/.wiki.keso.cn/127.0.0.1#5353
-ipset=/.wiki.keso.cn/gfwlist
-server=/.wiki.moegirl.org/127.0.0.1#5353
-ipset=/.wiki.moegirl.org/gfwlist
-server=/.wiki.oauth.net/127.0.0.1#5353
-ipset=/.wiki.oauth.net/gfwlist
-server=/.wiki.phonegap.com/127.0.0.1#5353
-ipset=/.wiki.phonegap.com/gfwlist
-server=/.wikileaks.ch/127.0.0.1#5353
-ipset=/.wikileaks.ch/gfwlist
-server=/.wikileaks.de/127.0.0.1#5353
-ipset=/.wikileaks.de/gfwlist
-server=/.wikileaks.eu/127.0.0.1#5353
-ipset=/.wikileaks.eu/gfwlist
-server=/.wikileaks.lu/127.0.0.1#5353
-ipset=/.wikileaks.lu/gfwlist
-server=/.wikileaks.org/127.0.0.1#5353
-ipset=/.wikileaks.org/gfwlist
-server=/.wikileaks.pl/127.0.0.1#5353
-ipset=/.wikileaks.pl/gfwlist
-server=/.wikilivres.info/127.0.0.1#5353
-ipset=/.wikilivres.info/gfwlist
-server=/.wikimapia.org/127.0.0.1#5353
-ipset=/.wikimapia.org/gfwlist
-server=/.wikiwiki.jp/127.0.0.1#5353
-ipset=/.wikiwiki.jp/gfwlist
-server=/.willw.net/127.0.0.1#5353
-ipset=/.willw.net/gfwlist
-server=/.windowsphoneme.com/127.0.0.1#5353
-ipset=/.windowsphoneme.com/gfwlist
-server=/.wingamestore.com/127.0.0.1#5353
-ipset=/.wingamestore.com/gfwlist
-server=/.winwhispers.info/127.0.0.1#5353
-ipset=/.winwhispers.info/gfwlist
-server=/.wiredbytes.com/127.0.0.1#5353
-ipset=/.wiredbytes.com/gfwlist
-server=/.wiredpen.com/127.0.0.1#5353
-ipset=/.wiredpen.com/gfwlist
-server=/.wireshark.org/127.0.0.1#5353
-ipset=/.wireshark.org/gfwlist
-server=/.wisdompubs.org/127.0.0.1#5353
-ipset=/.wisdompubs.org/gfwlist
-server=/.wisevid.com/127.0.0.1#5353
-ipset=/.wisevid.com/gfwlist
-server=/.withgoogle.com/127.0.0.1#5353
-ipset=/.withgoogle.com/gfwlist
-server=/.witnessleeteaching.com/127.0.0.1#5353
-ipset=/.witnessleeteaching.com/gfwlist
-server=/.witopia.net/127.0.0.1#5353
-ipset=/.witopia.net/gfwlist
-server=/.wjbk.org/127.0.0.1#5353
-ipset=/.wjbk.org/gfwlist
-server=/.wlcnew.jigsy.com/127.0.0.1#5353
-ipset=/.wlcnew.jigsy.com/gfwlist
-server=/.wlx.sowiki.net/127.0.0.1#5353
-ipset=/.wlx.sowiki.net/gfwlist
-server=/.wn.com/127.0.0.1#5353
-ipset=/.wn.com/gfwlist
-server=/.wnacg.com/127.0.0.1#5353
-ipset=/.wnacg.com/gfwlist
-server=/.wo.tc/127.0.0.1#5353
-ipset=/.wo.tc/gfwlist
-server=/.woeser.com/127.0.0.1#5353
-ipset=/.woeser.com/gfwlist
-server=/.woesermiddle-way.net/127.0.0.1#5353
-ipset=/.woesermiddle-way.net/gfwlist
-server=/.wokar.org/127.0.0.1#5353
-ipset=/.wokar.org/gfwlist
-server=/.wolfax.com/127.0.0.1#5353
-ipset=/.wolfax.com/gfwlist
-server=/.woopie.jp/127.0.0.1#5353
-ipset=/.woopie.jp/gfwlist
-server=/.woopie.tv/127.0.0.1#5353
-ipset=/.woopie.tv/gfwlist
-server=/.wordpress.com/127.0.0.1#5353
-ipset=/.wordpress.com/gfwlist
-server=/.workatruna.com/127.0.0.1#5353
-ipset=/.workatruna.com/gfwlist
-server=/.workerdemo.org.hk/127.0.0.1#5353
-ipset=/.workerdemo.org.hk/gfwlist
-server=/.workersthebig.net/127.0.0.1#5353
-ipset=/.workersthebig.net/gfwlist
-server=/.worldcat.org/127.0.0.1#5353
-ipset=/.worldcat.org/gfwlist
-server=/.worldjournal.com/127.0.0.1#5353
-ipset=/.worldjournal.com/gfwlist
-server=/.wowlegacy.ml/127.0.0.1#5353
-ipset=/.wowlegacy.ml/gfwlist
-server=/.wow-life.net/127.0.0.1#5353
-ipset=/.wow-life.net/gfwlist
-server=/.woxinghuiguo.com/127.0.0.1#5353
-ipset=/.woxinghuiguo.com/gfwlist
-server=/.wozy.in/127.0.0.1#5353
-ipset=/.wozy.in/gfwlist
-server=/.wp.com/127.0.0.1#5353
-ipset=/.wp.com/gfwlist
-server=/.wpoforum.com/127.0.0.1#5353
-ipset=/.wpoforum.com/gfwlist
-server=/.wqlhw.com/127.0.0.1#5353
-ipset=/.wqlhw.com/gfwlist
-server=/.wqyd.org/127.0.0.1#5353
-ipset=/.wqyd.org/gfwlist
-server=/.wrchina.org/127.0.0.1#5353
-ipset=/.wrchina.org/gfwlist
-server=/.wretch.cc/127.0.0.1#5353
-ipset=/.wretch.cc/gfwlist
-server=/.writer.zoho.com/127.0.0.1#5353
-ipset=/.writer.zoho.com/gfwlist
-server=/.wsj.com/127.0.0.1#5353
-ipset=/.wsj.com/gfwlist
-server=/.wsj.net/127.0.0.1#5353
-ipset=/.wsj.net/gfwlist
-server=/.wsjhk.com/127.0.0.1#5353
-ipset=/.wsjhk.com/gfwlist
-server=/.wtbn.org/127.0.0.1#5353
-ipset=/.wtbn.org/gfwlist
-server=/.wtfpeople.com/127.0.0.1#5353
-ipset=/.wtfpeople.com/gfwlist
-server=/.wuala.com/127.0.0.1#5353
-ipset=/.wuala.com/gfwlist
-server=/.wuerkaixi.com/127.0.0.1#5353
-ipset=/.wuerkaixi.com/gfwlist
-server=/.wufoo.com/127.0.0.1#5353
-ipset=/.wufoo.com/gfwlist
-server=/.wuguoguang.com/127.0.0.1#5353
-ipset=/.wuguoguang.com/gfwlist
-server=/.wujie.net/127.0.0.1#5353
-ipset=/.wujie.net/gfwlist
-server=/.wujieliulan.com/127.0.0.1#5353
-ipset=/.wujieliulan.com/gfwlist
-server=/.wukangrui.net/127.0.0.1#5353
-ipset=/.wukangrui.net/gfwlist
-server=/.wwitv.com/127.0.0.1#5353
-ipset=/.wwitv.com/gfwlist
-server=/.www.ajsands.com/127.0.0.1#5353
-ipset=/.www.ajsands.com/gfwlist
-server=/.www.antd.org/127.0.0.1#5353
-ipset=/.www.antd.org/gfwlist
-server=/.www.aolnews.com/127.0.0.1#5353
-ipset=/.www.aolnews.com/gfwlist
-server=/.www.businessinsider.com.au/127.0.0.1#5353
-ipset=/.www.businessinsider.com.au/gfwlist
-server=/.www.citizenlab.org/127.0.0.1#5353
-ipset=/.www.citizenlab.org/gfwlist
-server=/.www.cmoinc.org/127.0.0.1#5353
-ipset=/.www.cmoinc.org/gfwlist
-server=/.www.cool18.com/127.0.0.1#5353
-ipset=/.www.cool18.com/gfwlist
-server=/.www.dfanning.com/127.0.0.1#5353
-ipset=/.www.dfanning.com/gfwlist
-server=/.www.dw.com/127.0.0.1#5353
-ipset=/.www.dw.com/gfwlist
-server=/.www.dwheeler.com/127.0.0.1#5353
-ipset=/.www.dwheeler.com/gfwlist
-server=/.www.eastturkistan.net/127.0.0.1#5353
-ipset=/.www.eastturkistan.net/gfwlist
-server=/.www.forum4hk.com/127.0.0.1#5353
-ipset=/.www.forum4hk.com/gfwlist
-server=/.www.gmiddle.com/127.0.0.1#5353
-ipset=/.www.gmiddle.com/gfwlist
-server=/.www.gmiddle.net/127.0.0.1#5353
-ipset=/.www.gmiddle.net/gfwlist
-server=/.www.hustlercash.com/127.0.0.1#5353
-ipset=/.www.hustlercash.com/gfwlist
-server=/.www.idlcoyote.com/127.0.0.1#5353
-ipset=/.www.idlcoyote.com/gfwlist
-server=/.www.imdb.com/127.0.0.1#5353
-ipset=/.www.imdb.com/gfwlist
-server=/.www.kindleren.com/127.0.0.1#5353
-ipset=/.www.kindleren.com/gfwlist
-server=/.www.klip.me/127.0.0.1#5353
-ipset=/.www.klip.me/gfwlist
-server=/.www.konachan.com/127.0.0.1#5353
-ipset=/.www.konachan.com/gfwlist
-server=/.www.lamenhu.com/127.0.0.1#5353
-ipset=/.www.lamenhu.com/gfwlist
-server=/.www.lib.virginia.edu/127.0.0.1#5353
-ipset=/.www.lib.virginia.edu/gfwlist
-server=/.www.linksalpha.com/127.0.0.1#5353
-ipset=/.www.linksalpha.com/gfwlist
-server=/.www.macrovpn.com/127.0.0.1#5353
-ipset=/.www.macrovpn.com/gfwlist
-server=/.www.metro.taipei/127.0.0.1#5353
-ipset=/.www.metro.taipei/gfwlist
-server=/.www.monlamit.org/127.0.0.1#5353
-ipset=/.www.monlamit.org/gfwlist
-server=/.www.moztw.org/127.0.0.1#5353
-ipset=/.www.moztw.org/gfwlist
-server=/.www.m-sport.co.uk/127.0.0.1#5353
-ipset=/.www.m-sport.co.uk/gfwlist
-server=/.www.mycould.com/127.0.0.1#5353
-ipset=/.www.mycould.com/gfwlist
-server=/.www.nbc.com/127.0.0.1#5353
-ipset=/.www.nbc.com/gfwlist
-server=/.www.onion.city/127.0.0.1#5353
-ipset=/.www.onion.city/gfwlist
-server=/.www.orchidbbs.com/127.0.0.1#5353
-ipset=/.www.orchidbbs.com/gfwlist
-server=/.www.osmdroid.net/127.0.0.1#5353
-ipset=/.www.osmdroid.net/gfwlist
-server=/.www.owind.com/127.0.0.1#5353
-ipset=/.www.owind.com/gfwlist
-server=/.www.oxid.it/127.0.0.1#5353
-ipset=/.www.oxid.it/gfwlist
-server=/.www.parkansky.com/127.0.0.1#5353
-ipset=/.www.parkansky.com/gfwlist
-server=/.www.powerpointninja.com/127.0.0.1#5353
-ipset=/.www.powerpointninja.com/gfwlist
-server=/.www.s4miniarchive.com/127.0.0.1#5353
-ipset=/.www.s4miniarchive.com/gfwlist
-server=/.www.sciencemag.org/127.0.0.1#5353
-ipset=/.www.sciencemag.org/gfwlist
-server=/.www.skype.com/127.0.0.1#5353
-ipset=/.www.skype.com/gfwlist
-server=/.www.somee.com/127.0.0.1#5353
-ipset=/.www.somee.com/gfwlist
-server=/.www.stackfile.com/127.0.0.1#5353
-ipset=/.www.stackfile.com/gfwlist
-server=/.www.supertweet.net/127.0.0.1#5353
-ipset=/.www.supertweet.net/gfwlist
-server=/.www.tablesgenerator.com/127.0.0.1#5353
-ipset=/.www.tablesgenerator.com/gfwlist
-server=/.www.taiwanonline.cc/127.0.0.1#5353
-ipset=/.www.taiwanonline.cc/gfwlist
-server=/.www.thechinastory.org/127.0.0.1#5353
-ipset=/.www.thechinastory.org/gfwlist
-server=/.www.tsuru-bird.net/127.0.0.1#5353
-ipset=/.www.tsuru-bird.net/gfwlist
-server=/.www.tv.com/127.0.0.1#5353
-ipset=/.www.tv.com/gfwlist
-server=/.www.urbanoutfitters.com/127.0.0.1#5353
-ipset=/.www.urbanoutfitters.com/gfwlist
-server=/.www.vegorpedersen.com/127.0.0.1#5353
-ipset=/.www.vegorpedersen.com/gfwlist
-server=/.www.voy.com/127.0.0.1#5353
-ipset=/.www.voy.com/gfwlist
-server=/.www.vpncup.com/127.0.0.1#5353
-ipset=/.www.vpncup.com/gfwlist
-server=/.www.wangruowang.org/127.0.0.1#5353
-ipset=/.www.wangruowang.org/gfwlist
-server=/.www.wan-press.org/127.0.0.1#5353
-ipset=/.www.wan-press.org/gfwlist
-server=/.www.websnapr.com/127.0.0.1#5353
-ipset=/.www.websnapr.com/gfwlist
-server=/.www.wet123.com/127.0.0.1#5353
-ipset=/.www.wet123.com/gfwlist
-server=/.www.zaurus.org.uk/127.0.0.1#5353
-ipset=/.www.zaurus.org.uk/gfwlist
-server=/.www.zensur.freerk.com/127.0.0.1#5353
-ipset=/.www.zensur.freerk.com/gfwlist
-server=/.www.zfreet.com/127.0.0.1#5353
-ipset=/.www.zfreet.com/gfwlist
-server=/.www1.american.edu/127.0.0.1#5353
-ipset=/.www1.american.edu/gfwlist
-server=/.www2.ohchr.org/127.0.0.1#5353
-ipset=/.www2.ohchr.org/gfwlist
-server=/.www2.rocketbbs.com/127.0.0.1#5353
-ipset=/.www2.rocketbbs.com/gfwlist
-server=/.wzyboy.im/127.0.0.1#5353
-ipset=/.wzyboy.im/gfwlist
-server=/.x.xcity.jp/127.0.0.1#5353
-ipset=/.x.xcity.jp/gfwlist
-server=/.x1949x.com/127.0.0.1#5353
-ipset=/.x1949x.com/gfwlist
-server=/.x365x.com/127.0.0.1#5353
-ipset=/.x365x.com/gfwlist
-server=/.xa.yimg.com/127.0.0.1#5353
-ipset=/.xa.yimg.com/gfwlist
-server=/.xanga.com/127.0.0.1#5353
-ipset=/.xanga.com/gfwlist
-server=/.x-art.com/127.0.0.1#5353
-ipset=/.x-art.com/gfwlist
-server=/.xbabe.com/127.0.0.1#5353
-ipset=/.xbabe.com/gfwlist
-server=/.x-berry.com/127.0.0.1#5353
-ipset=/.x-berry.com/gfwlist
-server=/.xbookcn.com/127.0.0.1#5353
-ipset=/.xbookcn.com/gfwlist
-server=/.xcafe.in/127.0.0.1#5353
-ipset=/.xcafe.in/gfwlist
-server=/.xcritic.com/127.0.0.1#5353
-ipset=/.xcritic.com/gfwlist
-server=/.xda-developers.com/127.0.0.1#5353
-ipset=/.xda-developers.com/gfwlist
-server=/.xfm.pp.ru/127.0.0.1#5353
-ipset=/.xfm.pp.ru/gfwlist
-server=/.xgmyd.com/127.0.0.1#5353
-ipset=/.xgmyd.com/gfwlist
-server=/.xh4n.cn/127.0.0.1#5353
-ipset=/.xh4n.cn/gfwlist
-server=/.xhamster.com/127.0.0.1#5353
-ipset=/.xhamster.com/gfwlist
-server=/.xianqiao.net/127.0.0.1#5353
-ipset=/.xianqiao.net/gfwlist
-server=/.xiaochuncnjp.com/127.0.0.1#5353
-ipset=/.xiaochuncnjp.com/gfwlist
-server=/.xiaohexie.com/127.0.0.1#5353
-ipset=/.xiaohexie.com/gfwlist
-server=/.xiaolan.me/127.0.0.1#5353
-ipset=/.xiaolan.me/gfwlist
-server=/.xiaoma.org/127.0.0.1#5353
-ipset=/.xiaoma.org/gfwlist
-server=/.xiezhua.com/127.0.0.1#5353
-ipset=/.xiezhua.com/gfwlist
-server=/.xing.com/127.0.0.1#5353
-ipset=/.xing.com/gfwlist
-server=/.xinhuanet.org/127.0.0.1#5353
-ipset=/.xinhuanet.org/gfwlist
-server=/.xinmiao.com.hk/127.0.0.1#5353
-ipset=/.xinmiao.com.hk/gfwlist
-server=/.xinqimeng.over-blog.com/127.0.0.1#5353
-ipset=/.xinqimeng.over-blog.com/gfwlist
-server=/.xinsheng.net/127.0.0.1#5353
-ipset=/.xinsheng.net/gfwlist
-server=/.xinshijue.com/127.0.0.1#5353
-ipset=/.xinshijue.com/gfwlist
-server=/.xinyubbs.net/127.0.0.1#5353
-ipset=/.xinyubbs.net/gfwlist
-server=/.xiongpian.com/127.0.0.1#5353
-ipset=/.xiongpian.com/gfwlist
-server=/.xiuren.org/127.0.0.1#5353
-ipset=/.xiuren.org/gfwlist
-server=/.xizang-zhiye.org/127.0.0.1#5353
-ipset=/.xizang-zhiye.org/gfwlist
-server=/.xjp.cc/127.0.0.1#5353
-ipset=/.xjp.cc/gfwlist
-server=/.xlfmtalk.com/127.0.0.1#5353
-ipset=/.xlfmtalk.com/gfwlist
-server=/.xlfmwz.info/127.0.0.1#5353
-ipset=/.xlfmwz.info/gfwlist
-server=/.xml-training-guide.com/127.0.0.1#5353
-ipset=/.xml-training-guide.com/gfwlist
-server=/.xmovies.com/127.0.0.1#5353
-ipset=/.xmovies.com/gfwlist
-server=/.xn--4gq171p.com/127.0.0.1#5353
-ipset=/.xn--4gq171p.com/gfwlist
-server=/.xn--p8j9a0d9c9a.xn--q9jyb4c/127.0.0.1#5353
-ipset=/.xn--p8j9a0d9c9a.xn--q9jyb4c/gfwlist
-server=/.xnxx.com/127.0.0.1#5353
-ipset=/.xnxx.com/gfwlist
-server=/.xpdo.net/127.0.0.1#5353
-ipset=/.xpdo.net/gfwlist
-server=/.xpud.org/127.0.0.1#5353
-ipset=/.xpud.org/gfwlist
-server=/.xskywalker.com/127.0.0.1#5353
-ipset=/.xskywalker.com/gfwlist
-server=/.xtube.com/127.0.0.1#5353
-ipset=/.xtube.com/gfwlist
-server=/.xuchao.net/127.0.0.1#5353
-ipset=/.xuchao.net/gfwlist
-server=/.xuchao.org/127.0.0.1#5353
-ipset=/.xuchao.org/gfwlist
-server=/.xuzhiyong.net/127.0.0.1#5353
-ipset=/.xuzhiyong.net/gfwlist
-server=/.xvideos.com/127.0.0.1#5353
-ipset=/.xvideos.com/gfwlist
-server=/.xvideos.es/127.0.0.1#5353
-ipset=/.xvideos.es/gfwlist
-server=/.x-wall.org/127.0.0.1#5353
-ipset=/.x-wall.org/gfwlist
-server=/.xxbbx.com/127.0.0.1#5353
-ipset=/.xxbbx.com/gfwlist
-server=/.xxlmovies.com/127.0.0.1#5353
-ipset=/.xxlmovies.com/gfwlist
-server=/.xxxx.com.au/127.0.0.1#5353
-ipset=/.xxxx.com.au/gfwlist
-server=/.xys.dxiong.com/127.0.0.1#5353
-ipset=/.xys.dxiong.com/gfwlist
-server=/.xys.org/127.0.0.1#5353
-ipset=/.xys.org/gfwlist
-server=/.xysblogs.org/127.0.0.1#5353
-ipset=/.xysblogs.org/gfwlist
-server=/.xyy69.com/127.0.0.1#5353
-ipset=/.xyy69.com/gfwlist
-server=/.xyy69.info/127.0.0.1#5353
-ipset=/.xyy69.info/gfwlist
-server=/.yahoo.com.hk/127.0.0.1#5353
-ipset=/.yahoo.com.hk/gfwlist
-server=/.yakbutterblues.com/127.0.0.1#5353
-ipset=/.yakbutterblues.com/gfwlist
-server=/.yam.com/127.0.0.1#5353
-ipset=/.yam.com/gfwlist
-server=/.yangjianli.com/127.0.0.1#5353
-ipset=/.yangjianli.com/gfwlist
-server=/.yasni.co.uk/127.0.0.1#5353
-ipset=/.yasni.co.uk/gfwlist
-server=/.yasukuni.or.jp/127.0.0.1#5353
-ipset=/.yasukuni.or.jp/gfwlist
-server=/.ydy.com/127.0.0.1#5353
-ipset=/.ydy.com/gfwlist
-server=/.yeahteentube.com/127.0.0.1#5353
-ipset=/.yeahteentube.com/gfwlist
-server=/.yecl.net/127.0.0.1#5353
-ipset=/.yecl.net/gfwlist
-server=/.yeelou.com/127.0.0.1#5353
-ipset=/.yeelou.com/gfwlist
-server=/.yeeyi.com/127.0.0.1#5353
-ipset=/.yeeyi.com/gfwlist
-server=/.yegle.net/127.0.0.1#5353
-ipset=/.yegle.net/gfwlist
-server=/.yesasia.com/127.0.0.1#5353
-ipset=/.yesasia.com/gfwlist
-server=/.yesasia.com.hk/127.0.0.1#5353
-ipset=/.yesasia.com.hk/gfwlist
-server=/.yes-news.com/127.0.0.1#5353
-ipset=/.yes-news.com/gfwlist
-server=/.yhcw.net/127.0.0.1#5353
-ipset=/.yhcw.net/gfwlist
-server=/.yi.org/127.0.0.1#5353
-ipset=/.yi.org/gfwlist
-server=/.yibada.com/127.0.0.1#5353
-ipset=/.yibada.com/gfwlist
-server=/.yibaochina.com/127.0.0.1#5353
-ipset=/.yibaochina.com/gfwlist
-server=/.yidio.com/127.0.0.1#5353
-ipset=/.yidio.com/gfwlist
-server=/.yilubbs.com/127.0.0.1#5353
-ipset=/.yilubbs.com/gfwlist
-server=/.yinlei.org/127.0.0.1#5353
-ipset=/.yinlei.org/gfwlist
-server=/.yipub.com/127.0.0.1#5353
-ipset=/.yipub.com/gfwlist
-server=/.yobt.com/127.0.0.1#5353
-ipset=/.yobt.com/gfwlist
-server=/.yogichen.org/127.0.0.1#5353
-ipset=/.yogichen.org/gfwlist
-server=/.yong.hu/127.0.0.1#5353
-ipset=/.yong.hu/gfwlist
-server=/.yorkbbs.ca/127.0.0.1#5353
-ipset=/.yorkbbs.ca/gfwlist
-server=/.youjizz.com/127.0.0.1#5353
-ipset=/.youjizz.com/gfwlist
-server=/.youmaker.com/127.0.0.1#5353
-ipset=/.youmaker.com/gfwlist
-server=/.youpai.org/127.0.0.1#5353
-ipset=/.youpai.org/gfwlist
-server=/.youporn.com/127.0.0.1#5353
-ipset=/.youporn.com/gfwlist
-server=/.youporngay.com/127.0.0.1#5353
-ipset=/.youporngay.com/gfwlist
-server=/.yourepeat.com/127.0.0.1#5353
-ipset=/.yourepeat.com/gfwlist
-server=/.your-freedom.net/127.0.0.1#5353
-ipset=/.your-freedom.net/gfwlist
-server=/.yousendit.com/127.0.0.1#5353
-ipset=/.yousendit.com/gfwlist
-server=/.youthnetradio.org/127.0.0.1#5353
-ipset=/.youthnetradio.org/gfwlist
-server=/.youtu.be/127.0.0.1#5353
-ipset=/.youtu.be/gfwlist
-server=/.youtube.com/127.0.0.1#5353
-ipset=/.youtube.com/gfwlist
-server=/.youtubecn.com/127.0.0.1#5353
-ipset=/.youtubecn.com/gfwlist
-server=/.youtube-nocookie.com/127.0.0.1#5353
-ipset=/.youtube-nocookie.com/gfwlist
-server=/.youversion.com/127.0.0.1#5353
-ipset=/.youversion.com/gfwlist
-server=/.youxu.info/127.0.0.1#5353
-ipset=/.youxu.info/gfwlist
-server=/.ytht.net/127.0.0.1#5353
-ipset=/.ytht.net/gfwlist
-server=/.ytimg.com/127.0.0.1#5353
-ipset=/.ytimg.com/gfwlist
-server=/.yuanming.net/127.0.0.1#5353
-ipset=/.yuanming.net/gfwlist
-server=/.yuanzhengtang.org/127.0.0.1#5353
-ipset=/.yuanzhengtang.org/gfwlist
-server=/.yuming.flnet.org/127.0.0.1#5353
-ipset=/.yuming.flnet.org/gfwlist
-server=/.yunchao.net/127.0.0.1#5353
-ipset=/.yunchao.net/gfwlist
-server=/.yvesgeleyn.com/127.0.0.1#5353
-ipset=/.yvesgeleyn.com/gfwlist
-server=/.yx51.net/127.0.0.1#5353
-ipset=/.yx51.net/gfwlist
-server=/.yyii.org/127.0.0.1#5353
-ipset=/.yyii.org/gfwlist
-server=/.yymaya.com/127.0.0.1#5353
-ipset=/.yymaya.com/gfwlist
-server=/.yzzk.com/127.0.0.1#5353
-ipset=/.yzzk.com/gfwlist
-server=/.zacebook.com/127.0.0.1#5353
-ipset=/.zacebook.com/gfwlist
-server=/.zalmos.com/127.0.0.1#5353
-ipset=/.zalmos.com/gfwlist
-server=/.zannel.com/127.0.0.1#5353
-ipset=/.zannel.com/gfwlist
-server=/.zaobao.com/127.0.0.1#5353
-ipset=/.zaobao.com/gfwlist
-server=/.zaobao.com.sg/127.0.0.1#5353
-ipset=/.zaobao.com.sg/gfwlist
-server=/.zaozon.com/127.0.0.1#5353
-ipset=/.zaozon.com/gfwlist
-server=/.zarias.com/127.0.0.1#5353
-ipset=/.zarias.com/gfwlist
-server=/.zattoo.com/127.0.0.1#5353
-ipset=/.zattoo.com/gfwlist
-server=/.zengjinyan.org/127.0.0.1#5353
-ipset=/.zengjinyan.org/gfwlist
-server=/.zgzcjj.net/127.0.0.1#5353
-ipset=/.zgzcjj.net/gfwlist
-server=/.zh.m.wikipedia.org/127.0.0.1#5353
-ipset=/.zh.m.wikipedia.org/gfwlist
-server=/.zh.pokerstrategy.com/127.0.0.1#5353
-ipset=/.zh.pokerstrategy.com/gfwlist
-server=/.zh.uncyclopedia.wikia.com/127.0.0.1#5353
-ipset=/.zh.uncyclopedia.wikia.com/gfwlist
-server=/.zh.wikibooks.org/127.0.0.1#5353
-ipset=/.zh.wikibooks.org/gfwlist
-server=/.zh.wikinews.org/127.0.0.1#5353
-ipset=/.zh.wikinews.org/gfwlist
-server=/.zh.wikipedia.org/127.0.0.1#5353
-ipset=/.zh.wikipedia.org/gfwlist
-server=/.zh.wikisource.org/127.0.0.1#5353
-ipset=/.zh.wikisource.org/gfwlist
-server=/.zh.wikivoyage.org/127.0.0.1#5353
-ipset=/.zh.wikivoyage.org/gfwlist
-server=/.zh.wiktionary.org/127.0.0.1#5353
-ipset=/.zh.wiktionary.org/gfwlist
-server=/.zhanbin.net/127.0.0.1#5353
-ipset=/.zhanbin.net/gfwlist
-server=/.zhangboli.net/127.0.0.1#5353
-ipset=/.zhangboli.net/gfwlist
-server=/.zhangtianliang.com/127.0.0.1#5353
-ipset=/.zhangtianliang.com/gfwlist
-server=/.zhao.jinhai.de/127.0.0.1#5353
-ipset=/.zhao.jinhai.de/gfwlist
-server=/.zhenghui.org/127.0.0.1#5353
-ipset=/.zhenghui.org/gfwlist
-server=/.zhengwunet.org/127.0.0.1#5353
-ipset=/.zhengwunet.org/gfwlist
-server=/.zhenlibu.info/127.0.0.1#5353
-ipset=/.zhenlibu.info/gfwlist
-server=/.zhenxiang.biz/127.0.0.1#5353
-ipset=/.zhenxiang.biz/gfwlist
-server=/.zhinengluyou.com/127.0.0.1#5353
-ipset=/.zhinengluyou.com/gfwlist
-server=/.zhongguo.ca/127.0.0.1#5353
-ipset=/.zhongguo.ca/gfwlist
-server=/.zhongguorenquan.org/127.0.0.1#5353
-ipset=/.zhongguorenquan.org/gfwlist
-server=/.zhongguotese.net/127.0.0.1#5353
-ipset=/.zhongguotese.net/gfwlist
-server=/.zhongmeng.org/127.0.0.1#5353
-ipset=/.zhongmeng.org/gfwlist
-server=/.zhreader.com/127.0.0.1#5353
-ipset=/.zhreader.com/gfwlist
-server=/.zhuanxing.cn/127.0.0.1#5353
-ipset=/.zhuanxing.cn/gfwlist
-server=/.zhuatieba.com/127.0.0.1#5353
-ipset=/.zhuatieba.com/gfwlist
-server=/.zhuichaguoji.org/127.0.0.1#5353
-ipset=/.zhuichaguoji.org/gfwlist
-server=/.ziddu.com/127.0.0.1#5353
-ipset=/.ziddu.com/gfwlist
-server=/.zillionk.com/127.0.0.1#5353
-ipset=/.zillionk.com/gfwlist
-server=/.zinio.com/127.0.0.1#5353
-ipset=/.zinio.com/gfwlist
-server=/.ziplib.com/127.0.0.1#5353
-ipset=/.ziplib.com/gfwlist
-server=/.zkaip.com/127.0.0.1#5353
-ipset=/.zkaip.com/gfwlist
-server=/.zlib.net/127.0.0.1#5353
-ipset=/.zlib.net/gfwlist
-server=/.zmw.cn/127.0.0.1#5353
-ipset=/.zmw.cn/gfwlist
-server=/.zomobo.net/127.0.0.1#5353
-ipset=/.zomobo.net/gfwlist
-server=/.zonaeuropa.com/127.0.0.1#5353
-ipset=/.zonaeuropa.com/gfwlist
-server=/.zootool.com/127.0.0.1#5353
-ipset=/.zootool.com/gfwlist
-server=/.zoozle.net/127.0.0.1#5353
-ipset=/.zoozle.net/gfwlist
-server=/.zozotown.com/127.0.0.1#5353
-ipset=/.zozotown.com/gfwlist
-server=/.zshare.net/127.0.0.1#5353
-ipset=/.zshare.net/gfwlist
-server=/.zsrhao.com/127.0.0.1#5353
-ipset=/.zsrhao.com/gfwlist
-server=/.zuo.la/127.0.0.1#5353
-ipset=/.zuo.la/gfwlist
-server=/.zuobiao.me/127.0.0.1#5353
-ipset=/.zuobiao.me/gfwlist
-server=/.zuola.com/127.0.0.1#5353
-ipset=/.zuola.com/gfwlist
-server=/.zvereff.com/127.0.0.1#5353
-ipset=/.zvereff.com/gfwlist
-server=/.zyzc9.com/127.0.0.1#5353
-ipset=/.zyzc9.com/gfwlist
diff --git a/package/lean/shadowsocksR-libev-full/files/gfwlistr.htm b/package/lean/shadowsocksR-libev-full/files/gfwlistr.htm
deleted file mode 100644
index 1fa47faec..000000000
--- a/package/lean/shadowsocksR-libev-full/files/gfwlistr.htm
+++ /dev/null
@@ -1,7 +0,0 @@
-<%+header%>
-<h2><a id="content" name="content"><%:ShadowsocksR - GFW List%></a></h2>
-<div class="cbi-map-descr">ShadowsocksR内置的 GFW 名单</div>
-<div id="content_gfwlist">
-<textarea readonly="readonly" wrap="off" style="width: 100%" rows="20" id="gfwlist"><%=gfwlist:pcdata()%></textarea>
-</div>
-<%+footer%>
diff --git a/package/lean/shadowsocksR-libev-full/files/root b/package/lean/shadowsocksR-libev-full/files/root
deleted file mode 100644
index 9e3dfee9b..000000000
--- a/package/lean/shadowsocksR-libev-full/files/root
+++ /dev/null
@@ -1,3 +0,0 @@
-*/10 * * * * /root/ssr-watchdog >> /var/log/shadowsocksr_watchdog.log 2>&1
-0 1 * * 0 echo "" > /var/log/shadowsocksr_watchdog.log
-#0 1 * * 0 sleep 70 && touch /etc/banner && reboot
diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr b/package/lean/shadowsocksR-libev-full/files/shadowsocksr
deleted file mode 100644
index f82e04b7a..000000000
--- a/package/lean/shadowsocksR-libev-full/files/shadowsocksr
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=95
-
-SERVICE_USE_PID=1
-SERVICE_WRITE_PID=1
-SERVICE_DAEMONIZE=1
-
-CONFIG=/etc/shadowsocksr.json
-
-start() {
-	service_start /usr/bin/ssr-local -c $CONFIG -l 8888
-	#service_start /usr/bin/ssr-redir -c $CONFIG
-	#service_start /usr/bin/ssr-tunnel -c $CONFIG -l 5353 -L 8.8.8.8:53 -U
-}
-
-stop() {
-	service_stop /usr/bin/ssr-local
-	#service_stop /usr/bin/ssr-redir
-	#service_stop /usr/bin/ssr-tunnel
-}
diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist
deleted file mode 100644
index e2dd33187..000000000
--- a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=95
-
-SERVICE_USE_PID=1
-SERVICE_WRITE_PID=1
-SERVICE_DAEMONIZE=1
-
-CONFIG=/etc/shadowsocksr.json
-if [ ! -f $CONFIG ]; then
-  ln -sf /etc/shadowsocksr.json.main $CONFIG
-fi
-
-start() {
-	service_start /usr/bin/ssr-redir -c $CONFIG -b 0.0.0.0 -l 8989
-	sleep 1
-	service_start /usr/bin/ssr-tunnel -c $CONFIG -b 0.0.0.0 -l 5353 -L 8.8.8.8:53 -U
-	sleep 1
-}
-
-stop() {
-	service_stop /usr/bin/ssr-redir
-	sleep 1
-	service_stop /usr/bin/ssr-tunnel
-	sleep 1
-}
diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist.json b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist.json
deleted file mode 100644
index c5e09e766..000000000
--- a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
-    "server": "serv-ro.ddns.info",
-    "server_port": 23143,
-    "password": "test.TEST",
-    "method": "aes-256-cfb",
-    "protocol": "origin",
-    "obfs": "plain",
-    "timeout": 120,
-    "supported_protocol": "origin, verify_simple, auth_simple, auth_sha1, auth_sha1_v2, auth_sha1_v4",
-    "supported_obfs": "plain, http_simple, tls1.0_session_auth, tls1.2_ticket_auth"
-}
diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-backup.lua b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-backup.lua
deleted file mode 100644
index 18e852cdd..000000000
--- a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-backup.lua
+++ /dev/null
@@ -1,23 +0,0 @@
-local fs = require "nixio.fs"
-local conffile = "/etc/shadowsocksr.json.backup" 
-
-f = SimpleForm("general", translate("ShadowsocksR  - 备份服务器设置"), translate("ShadowsocksR 备份服务器设置地址，当主服务器不可时将自动连接到此服务器。  主服务器可用时将自动切换回主服务器"))
-
-t = f:field(TextValue, "conf")
-t.rmempty = true
-t.rows = 20
-function t.cfgvalue()
-	return fs.readfile(conffile) or ""
-end
-
-function f.handle(self, state, data)
-	if state == FORM_VALID then
-		if data.conf then
-			fs.writefile(conffile, data.conf:gsub("\r\n", "\n"))
-			luci.sys.call("/etc/init.d/shadowsocksr restart")
-		end
-	end
-	return true
-end
-
-return f
diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-custom.lua b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-custom.lua
deleted file mode 100644
index 4a20b6668..000000000
--- a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-custom.lua
+++ /dev/null
@@ -1,23 +0,0 @@
-local fs = require "nixio.fs"
-local conffile = "/etc/dnsmasq.d/custom_list.conf" 
-
-f = SimpleForm("custom", translate("ShadowsocksR - 自定义列表"), translate("ShadowsocksR 自动定义翻墙域名的列表。<BR />请参照以下写法去掉前面的 # 输入"))
-
-t = f:field(TextValue, "conf")
-t.rmempty = true
-t.rows = 20
-function t.cfgvalue()
-	return fs.readfile(conffile) or ""
-end
-
-function f.handle(self, state, data)
-	if state == FORM_VALID then
-		if data.conf then
-			fs.writefile(conffile, data.conf:gsub("\r\n", "\n"))
-			luci.sys.call("/etc/init.d/dnsmasq restart && ipset flush gfwlist")
-		end
-	end
-	return true
-end
-
-return f
diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-general.lua b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-general.lua
deleted file mode 100644
index bbd846088..000000000
--- a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-general.lua
+++ /dev/null
@@ -1,23 +0,0 @@
-local fs = require "nixio.fs"
-local conffile = "/etc/shadowsocksr.json.main" 
-
-f = SimpleForm("general", translate("ShadowsocksR  - 主服务器配置"), translate("ShadowsocksR 主服务器配置文件，此服务器将优先被使用"))
-
-t = f:field(TextValue, "conf")
-t.rmempty = true
-t.rows = 20
-function t.cfgvalue()
-	return fs.readfile(conffile) or ""
-end
-
-function f.handle(self, state, data)
-	if state == FORM_VALID then
-		if data.conf then
-			fs.writefile(conffile, data.conf:gsub("\r\n", "\n"))
-			luci.sys.call("/etc/init.d/shadowsocksr restart")
-		end
-	end
-	return true
-end
-
-return f
diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev.lua b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev.lua
deleted file mode 100644
index b6fa84917..000000000
--- a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev.lua
+++ /dev/null
@@ -1,45 +0,0 @@
-module("luci.controller.shadowsocksr-libev", package.seeall)
-
-function index()
-	if not nixio.fs.access("/etc/shadowsocksr.json") then
-		return
-	end
-
-	entry({"admin", "services", "shadowsocksr-libev"},
-		alias("admin", "services", "shadowsocksr-libev", "general"),
-		_("ShadowsocksR设置"), 10)
-
-	entry({"admin", "services", "shadowsocksr-libev", "general"},
-		cbi("shadowsocksr-libev/shadowsocksr-libev-general"),
-		_("主服务器设置"), 10).leaf = true
-		
-	entry({"admin", "services", "shadowsocksr-libev", "backup"},
-		cbi("shadowsocksr-libev/shadowsocksr-libev-backup"),
-		_("备份服务器设置"), 20).leaf = true
-
-	entry({"admin", "services", "shadowsocksr-libev", "gfwlist"},
-		call("action_gfwlist"),
-		_("GFW 内置名单"), 30).leaf = true
-
-	entry({"admin", "services", "shadowsocksr-libev", "custom"},
-		cbi("shadowsocksr-libev/shadowsocksr-libev-custom"),
-		_("自定义域名列表"), 40).leaf = true
-
-	entry({"admin", "services", "shadowsocksr-libev", "watchdog"},
-		call("action_watchdog"),
-		_("守护进程日志"), 50).leaf = true
-end
-
-function action_gfwlist()
-	local fs = require "nixio.fs"
-	local conffile = "/etc/dnsmasq.d/gfw_list.conf" 
-	local gfwlist = fs.readfile(conffile) or ""
-	luci.template.render("shadowsocksr-libev/gfwlistr", {gfwlist=gfwlist})
-end
-
-function action_watchdog()
-	local fs = require "nixio.fs"
-	local conffile = "/var/log/shadowsocksr_watchdog.log" 
-	local watchdog = fs.readfile(conffile) or ""
-	luci.template.render("shadowsocksr-libev/watchdogr", {watchdog=watchdog})
-end
diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server
deleted file mode 100644
index 9c01f2787..000000000
--- a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=95
-
-SERVICE_USE_PID=1
-SERVICE_WRITE_PID=1
-SERVICE_DAEMONIZE=1
-
-CONFIG=/etc/shadowsocksr-server.json
-
-start() {
-	service_start /usr/bin/ssr-server -c $CONFIG -u
-}
-
-stop() {
-	service_stop /usr/bin/ssr-server
-}
diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server.json b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server.json
deleted file mode 100644
index fa4f23fdd..000000000
--- a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
-    "server": "0.0.0.0",
-    "server_ipv6": "::",
-    "server_port": 443,
-    "password": "password",
-    "method": "rc4-md5",
-    "timeout": 120,
-    "protocol": "origin",
-    "protocol_param": "",
-    "obfs": "plain",
-    "obfs_param": "",
-    "redirect": "",
-    "dns_ipv6": false,
-    "fast_open": false
-}
diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr.json b/package/lean/shadowsocksR-libev-full/files/shadowsocksr.json
deleted file mode 100644
index 5347bc9ab..000000000
--- a/package/lean/shadowsocksR-libev-full/files/shadowsocksr.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
-    "server": "serverip",
-    "server_port": 443,
-    "password": "password",
-    "method": "rc4-md5",
-    "local_address": "0.0.0.0",
-    "local_port": 1080,
-    "timeout": 120,
-    "protocol": "origin",
-    "protocol_param": "",
-    "obfs": "plain",
-    "obfs_param": "",
-    "fast_open": false
-}
diff --git a/package/lean/shadowsocksR-libev-full/files/ssr-watchdog b/package/lean/shadowsocksR-libev-full/files/ssr-watchdog
deleted file mode 100644
index adf4a6582..000000000
--- a/package/lean/shadowsocksR-libev-full/files/ssr-watchdog
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-
-LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
-
-CURRENT=$(ls -l /etc/shadowsocksr.json | awk -F "." '{print $4}')
-
-if [ "$CURRENT" == "backup" ]; then
-	echo "[$LOGTIME] Backup server is running."
-	MAIN=$(cat /etc/shadowsocksr.json.main | awk -F '\"' '/\"server\"/ {print $4}')
-	PM=$(ping -c 3 $MAIN | grep 'loss' | awk -F ',' '{ print $3 }' | awk -F "%" '{ print $1 }')
-	if [ "$PM" -lt "50" ]; then
-		echo "[$LOGTIME] Main server up,$PM% packet loss, switch back."
-		ln -sf /etc/shadowsocksr.json.main /etc/shadowsocksr.json
-		CURRENT=$(ls -l /etc/shadowsocksr.json | awk -F "." '{print $4}')
-		/etc/init.d/shadowsocksr restart
-		sleep 3
-	else
-		echo "[$LOGTIME] Main server down,$PM% packet loss."
-	fi
-fi
-
-wget --spider --quiet -T 3 www.google.com.hk
-if [ "$?" == "0" ]; then
-	echo "[$LOGTIME] No problem."
-	exit 0
-else
-	wget --spider --quiet -T 3 www.baidu.com
-	if [ "$?" == "0" ]; then
-		echo "[$LOGTIME] Problem decteted, restart ShadowsocksR."
-		/etc/init.d/shadowsocksr restart
-		if [ "$CURRENT" == "main" ]; then
-			sleep 3
-			wget --spider --quiet -T 3 www.google.com.hk
-			if [ "$?" == "0" ]; then
-				echo "[$LOGTIME] ShadowsocksR recovered."
-				exit 0
-			else
-				echo "[$LOGTIME] Main server down, switch to backup server."
-				ln -sf /etc/shadowsocksr.json.backup /etc/shadowsocksr.json
-				/etc/init.d/shadowsocksr restart
-				exit 0
-			fi
-		fi
-	else
-		echo "[$LOGTIME] Network problem. Do nothing."
-	fi
-fi
diff --git a/package/lean/shadowsocksR-libev-full/files/watchdogr.htm b/package/lean/shadowsocksR-libev-full/files/watchdogr.htm
deleted file mode 100644
index 66a59a983..000000000
--- a/package/lean/shadowsocksR-libev-full/files/watchdogr.htm
+++ /dev/null
@@ -1,7 +0,0 @@
-<%+header%>
-<h2><a id="content" name="content"><%:ShadowsocksR - 守护进程日志%></a></h2>
-<div class="cbi-map-descr">ShadowsocksR 守护进程日志</div>
-<div id="content_watchdog">
-<textarea readonly="readonly" wrap="off" style="width: 100%" rows="20" id="watchdog"><%=watchdog:pcdata()%></textarea>
-</div>
-<%+footer%>
diff --git a/package/lean/shadowsocksR-libev-full/patches/0001-ss-check-Backport.patch b/package/lean/shadowsocksR-libev-full/patches/0001-ss-check-Backport.patch
deleted file mode 100644
index 5a9fb3f35..000000000
--- a/package/lean/shadowsocksR-libev-full/patches/0001-ss-check-Backport.patch
+++ /dev/null
@@ -1,315 +0,0 @@
-From 4a153bc0bb8ed20517871bddbf92ba69057bef97 Mon Sep 17 00:00:00 2001
-From: WouldChar <wouldchar@gmail.com>
-Date: Mon, 18 Dec 2017 19:33:51 +0800
-Subject: [PATCH 1/7] Backport ss-check
-
-  * from https://github.com/ywb94/shadowsocks-libev
----
- src/Makefile.am |   5 ++
- src/check.c     | 242 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- src/redir.c     |   2 +-
- 3 files changed, 248 insertions(+), 1 deletion(-)
- create mode 100644 src/check.c
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index eea1300..d2c6d24 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -22,7 +22,7 @@ SS_COMMON_LIBS += $(top_builddir)/libev/libev.la \
-                   $(top_builddir)/libsodium/src/libsodium/libsodium.la
- endif
- 
--bin_PROGRAMS = ss-local
-+bin_PROGRAMS = ss-local ss-check
- #bin_PROGRAMS += ss-tunnel
- if !BUILD_WINCOMPAT
- #bin_PROGRAMS += ss-server ss-manager
-@@ -42,6 +43,8 @@ ss_local_SOURCES = utils.c \
-                    local.c \
-                    $(sni_src)
- 
-+ss_check_SOURCES = check.c
-+
- #ss_tunnel_SOURCES = utils.c \
- #                    jconf.c \
- #                    json.c \
-@@ -69,6 +72,7 @@ ss_local_SOURCES = utils.c \
- #                     manager.c
- 
- ss_local_LDADD = $(SS_COMMON_LIBS)
-+ss_check_LDADD = $(SS_COMMON_LIBS)
- #ss_tunnel_LDADD = $(SS_COMMON_LIBS)
- #ss_server_LDADD = $(SS_COMMON_LIBS)
- #ss_manager_LDADD = $(SS_COMMON_LIBS)
-@@ -83,6 +87,7 @@ ss_local_LDADD += $(top_builddir)/libudns/libudns.la
- endif
- 
- ss_local_CFLAGS = $(AM_CFLAGS) -DMODULE_LOCAL
-+ss_check_CFLAGS = $(AM_CFLAGS) -DMODULE_CHECK
- #ss_tunnel_CFLAGS = $(AM_CFLAGS) -DMODULE_TUNNEL
- #ss_server_CFLAGS = $(AM_CFLAGS) -DMODULE_REMOTE
- #ss_manager_CFLAGS = $(AM_CFLAGS) -DMODULE_MANAGER
-diff --git a/src/check.c b/src/check.c
-new file mode 100644
-index 0000000..9243686
---- /dev/null
-+++ b/src/check.c
-@@ -0,0 +1,242 @@
-+/*
-+ * check.c - check remote shadowsocks server port
-+ *
-+ * Copyright (C) 2017, yushi studio <ywb94@qq.com>
-+ *
-+ * This file is part of the shadowsocks-libev.
-+ *
-+ * shadowsocks-libev is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * shadowsocks-libev is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with shadowsocks-libev; see the file COPYING. If not, see
-+ * <http://www.gnu.org/licenses/>.
-+ */
-+
-+#include <stdlib.h>
-+#include <stdio.h>
-+#include <unistd.h>
-+#include <fcntl.h>
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <netdb.h>
-+#include <netinet/in.h>
-+#include <errno.h>
-+#include <time.h>
-+#include <arpa/inet.h>
-+#include <setjmp.h>
-+#include <signal.h>
-+#include <string.h>
-+
-+//#define __DEBUG__
-+#ifdef __DEBUG__
-+#define DEBUG(format,...) printf("File: "__FILE__", Line: %05d: "format"/n", __LINE__, ##__VA_ARGS__)
-+#else
-+#define DEBUG(format,...)
-+#endif
-+
-+static sigjmp_buf jmpbuf;
-+
-+static void alarm_func()
-+{
-+	siglongjmp(jmpbuf, 1);
-+}
-+
-+static struct hostent *timeGethostbyname(const char *domain, int timeout)
-+{
-+	struct hostent *ipHostent = NULL;
-+	signal(SIGALRM, alarm_func);
-+	if (sigsetjmp(jmpbuf, 1) != 0) {
-+		alarm(0);	//timout
-+		signal(SIGALRM, SIG_IGN);
-+		return NULL;
-+	}
-+	alarm(timeout);		//setting alarm
-+	ipHostent = gethostbyname(domain);
-+	signal(SIGALRM, SIG_IGN);
-+	return ipHostent;
-+}
-+
-+
-+#define MY_HTTP_DEFAULT_PORT	80
-+#define BUFFER_SIZE	1024
-+#define HTTP_POST "POST /%s HTTP/1.1\r\nHOST: %s:%d\r\nAccept: */*\r\n"\
-+	"Content-Type:application/x-www-form-urlencoded\r\nContent-Length: %d\r\n\r\n%s"
-+#define HTTP_GET "GET /%s HTTP/1.1\r\nHOST: %s:%d\r\nAccept: */*\r\n\r\n"
-+
-+static int http_parse_url(const char *url, char *host, char *file, int *port)
-+{
-+	char *ptr1, *ptr2;
-+	int len = 0;
-+	if (!url || !host || !file || !port)
-+		return 1;
-+
-+	ptr1 = (char *)url;
-+
-+	if (!strncmp(ptr1, "http://", strlen("http://")))
-+		ptr1 += strlen("http://");
-+	else
-+		return 1;
-+
-+	ptr2 = strchr(ptr1, '/');
-+	if (ptr2) {
-+		len = strlen(ptr1) - strlen(ptr2);
-+		memcpy(host, ptr1, len);
-+		host[len] = '\0';
-+		if (*(ptr2 + 1)) {
-+			memcpy(file, ptr2 + 1, strlen(ptr2) - 1);
-+			file[strlen(ptr2) - 1] = '\0';
-+		}
-+	}
-+	else {
-+		memcpy(host,ptr1,strlen(ptr1));
-+		host[strlen(ptr1)] = '\0';
-+	}
-+
-+	//get host and ip
-+	ptr1 = strchr(host, ':');
-+	if (ptr1) {
-+		*ptr1++ = '\0';
-+		*port = atoi(ptr1);
-+	}
-+	else
-+		*port = MY_HTTP_DEFAULT_PORT;
-+
-+	return 0;
-+}
-+
-+static int http_tcpclient_recv(int socket, char *lpbuff)
-+{
-+	int recvnum = 0;
-+
-+	recvnum = recv(socket, lpbuff, BUFFER_SIZE*4, 0);
-+
-+	return recvnum;
-+}
-+
-+static int http_tcpclient_send(int socket, char *buff, int size)
-+{
-+	int sent = 0, tmpres = 0;
-+
-+	while (sent < size) {
-+		tmpres = send(socket, buff + sent, size - sent, 0);
-+		if (tmpres == -1)
-+			return 1;
-+		sent += tmpres;
-+	}
-+	return sent;
-+}
-+
-+int  http_get(const char *url, int socket_fd)
-+{
-+	char lpbuf[BUFFER_SIZE * 4] = {'\0'};
-+
-+	char host_addr[BUFFER_SIZE] = {'\0'};
-+	char file[BUFFER_SIZE] = {'\0'};
-+	int port = 0;
-+
-+	if (!url) {
-+		DEBUG("url failed\n");
-+		return 1;
-+	}
-+
-+	if (http_parse_url(url, host_addr, file, &port)) {
-+		DEBUG("http_parse_url failed\n");
-+		return 1;
-+	}
-+	DEBUG("url: %s\thost_addr: %s\tfile: %s\t, %d\n", url, host_addr, file, port);
-+
-+	if (socket_fd < 0) {
-+		DEBUG("http_tcpclient_create failed\n");
-+		return 1;
-+	}
-+
-+	sprintf(lpbuf, HTTP_GET, file, host_addr, port);
-+
-+	if (http_tcpclient_send(socket_fd, lpbuf, strlen(lpbuf)) < 0) {
-+		DEBUG("http_tcpclient_send failed\n");
-+		return 1;
-+	}
-+	DEBUG("request:\n%s\n", lpbuf);
-+
-+	if (http_tcpclient_recv(socket_fd, lpbuf) <= 0) {
-+		DEBUG("http_tcpclient_recv failed\n");
-+		close(socket_fd);
-+		return 1;
-+	}
-+	DEBUG("rec:\n%s\n", lpbuf);
-+	close(socket_fd);
-+
-+	//return http_parse_result(lpbuf);
-+	return 0;
-+}
-+
-+int main(int argc, char *argv[])
-+{
-+	int fd, http_flag = 0, http_ret = 1;
-+	struct sockaddr_in addr;
-+	struct hostent *host;
-+	struct timeval timeo = {3, 0};
-+	socklen_t len = sizeof(timeo);
-+
-+	char http_url[100] = "http://";
-+
-+	fd = socket(AF_INET, SOCK_STREAM, 0);
-+	if (argc >= 4)
-+		timeo.tv_sec = atoi(argv[3]);
-+	if (argc >= 5)
-+		http_flag=1;
-+
-+        if ((host = timeGethostbyname(argv[1], timeo.tv_sec)) == NULL) {
-+		DEBUG("gethostbyname err\n");
-+		return 1;
-+	}
-+
-+	if (setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &timeo, len) == -1) {
-+		DEBUG("setsockopt send err\n");
-+		return 1;
-+	}
-+
-+	if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &timeo, len) == -1) {
-+		DEBUG("setsockopt recv err\n");
-+		return 1;
-+	}
-+
-+	addr.sin_family = AF_INET;
-+	addr.sin_addr = *((struct in_addr *)host->h_addr);
-+	//addr.sin_addr.s_addr = inet_addr(argv[1]);
-+	addr.sin_port = htons(atoi(argv[2]));
-+
-+	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
-+		if (errno == EINPROGRESS) {
-+			DEBUG("timeout err\n");
-+			return 1;
-+		}
-+		DEBUG("connect err\n");
-+		return 1;
-+	}
-+
-+	if (http_flag == 0) {
-+		close(fd);
-+		return 0;
-+	}
-+
-+	strcat(http_url, argv[1]);
-+	http_ret = http_get(http_url, fd);
-+
-+	if (http_ret == 1) {
-+		DEBUG("recv err");
-+		return 1;
-+	}
-+	else {
-+		DEBUG("recv ok");
-+		return 0;
-+	}
-+}
-diff --git a/src/redir.c b/src/redir.c
-index 4345a36..e2bdd0e 100644
---- a/src/redir.c
-+++ b/src/redir.c
-@@ -203,7 +203,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
-             // continue to wait for recv
-             return;
-         } else {
--            ERROR("server recv");
-+            //ERROR("server recv");
-             close_and_free_remote(EV_A_ remote);
-             close_and_free_server(EV_A_ server);
-             return;
--- 
-2.7.4
-
diff --git a/package/lean/shadowsocksr-libev/Makefile b/package/lean/shadowsocksr-libev/Makefile
new file mode 100644
index 000000000..c909ce9d5
--- /dev/null
+++ b/package/lean/shadowsocksr-libev/Makefile
@@ -0,0 +1,61 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=shadowsocksr-libev
+PKG_VERSION:=2.5.6
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_SOURCE_URL:=https://github.com/shadowsocksrr/shadowsocksr-libev
+PKG_SOURCE_VERSION:=d63ff863800a5645aca4309d5dd5962bd1e95543
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION)
+
+PKG_LICENSE:=GPLv3
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION)
+
+PKG_INSTALL:=1
+PKG_FIXUP:=autoreconf
+PKG_USE_MIPS16:=0
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/shadowsocksr-libev
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=Lightweight Secured Socks5 Proxy
+	URL:=https://github.com/shadowsocksrr/shadowsocksr-libev
+	DEPENDS:=+libopenssl +libpthread +libpcre +zlib
+endef
+
+Package/shadowsocksr-libev-server = $(Package/shadowsocksr-libev)
+Package/shadowsocksr-libev-alt = $(Package/shadowsocksr-libev)
+
+CONFIGURE_ARGS += --disable-documentation --disable-ssp --disable-assert
+
+define Package/shadowsocksr-libev/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-local $(1)/usr/bin/ssr-local
+	$(LN) ssr-local $(1)/usr/bin/ssr-tunnel
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/server/ss-check $(1)/usr/bin/ssr-check
+endef
+
+define Package/shadowsocksr-libev-alt/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-local $(1)/usr/bin/ssr-local
+	$(LN) ssr-local $(1)/usr/bin/ssr-tunnel
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/server/ss-check $(1)/usr/bin/ssr-check
+endef
+
+define Package/shadowsocksr-libev-server/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/server/ss-server $(1)/usr/bin/ssr-server
+endef
+
+$(eval $(call BuildPackage,shadowsocksr-libev))
+$(eval $(call BuildPackage,shadowsocksr-libev-alt))
+$(eval $(call BuildPackage,shadowsocksr-libev-server))
diff --git a/package/lean/shadowsocksr-libev/patches/0001-Add-ss-server-and-ss-check.patch b/package/lean/shadowsocksr-libev/patches/0001-Add-ss-server-and-ss-check.patch
new file mode 100644
index 000000000..50a4e6a94
--- /dev/null
+++ b/package/lean/shadowsocksr-libev/patches/0001-Add-ss-server-and-ss-check.patch
@@ -0,0 +1,17186 @@
+diff --git a/.gitignore b/.gitignore
+index 4eab18e..64b8d9f 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -2,6 +2,7 @@ build/
+ .deps/
+ /Makefile
+ src/Makefile
++server/Makefile
+ libev/Makefile
+ libudns/Makefile
+ libcork/Makefile
+diff --git a/Makefile.am b/Makefile.am
+index 690af43..75e158e 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1,7 +1,7 @@
+ if USE_SYSTEM_SHARED_LIB
+-SUBDIRS = libcork libipset src
++SUBDIRS = libcork libipset src server
+ else
+-SUBDIRS = libsodium libcork libipset libudns libev src
++SUBDIRS = libsodium libcork libipset libudns libev src server
+ endif
+ 
+ if ENABLE_DOCUMENTATION
+diff --git a/Makefile.in b/Makefile.in
+index 4cb3deb..e210bc0 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -195,7 +195,7 @@ am__define_uniq_tagged_files = \
+ ETAGS = etags
+ CTAGS = ctags
+ CSCOPE = cscope
+-DIST_SUBDIRS = libsodium libcork libipset libudns libev src doc
++DIST_SUBDIRS = libsodium libcork libipset libudns libev src server doc
+ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
+ 	$(srcdir)/shadowsocks-libev.pc.in $(top_srcdir)/auto/ar-lib \
+ 	$(top_srcdir)/auto/compile $(top_srcdir)/auto/config.guess \
+@@ -377,8 +377,9 @@ top_build_prefix = @top_build_prefix@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+ @USE_SYSTEM_SHARED_LIB_FALSE@SUBDIRS = libsodium libcork libipset \
+-@USE_SYSTEM_SHARED_LIB_FALSE@	libudns libev src $(am__append_1)
+-@USE_SYSTEM_SHARED_LIB_TRUE@SUBDIRS = libcork libipset src \
++@USE_SYSTEM_SHARED_LIB_FALSE@	libudns libev src server \
++@USE_SYSTEM_SHARED_LIB_FALSE@	$(am__append_1)
++@USE_SYSTEM_SHARED_LIB_TRUE@SUBDIRS = libcork libipset src server \
+ @USE_SYSTEM_SHARED_LIB_TRUE@	$(am__append_1)
+ ACLOCAL_AMFLAGS = -I m4
+ pkgconfiglibdir = $(libdir)/pkgconfig
+diff --git a/configure b/configure
+index 7d854c4..01d66ab 100755
+--- a/configure
++++ b/configure
+@@ -649,7 +649,6 @@ PTHREAD_CC
+ ax_pthread_config
+ INET_NTOP_LIB
+ MV
+-RM
+ GZIP
+ XMLTO
+ ASCIIDOC
+@@ -757,6 +756,7 @@ infodir
+ docdir
+ oldincludedir
+ includedir
++runstatedir
+ localstatedir
+ sharedstatedir
+ sysconfdir
+@@ -857,6 +857,7 @@ datadir='${datarootdir}'
+ sysconfdir='${prefix}/etc'
+ sharedstatedir='${prefix}/com'
+ localstatedir='${prefix}/var'
++runstatedir='${localstatedir}/run'
+ includedir='${prefix}/include'
+ oldincludedir='/usr/include'
+ docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+@@ -1109,6 +1110,15 @@ do
+   | -silent | --silent | --silen | --sile | --sil)
+     silent=yes ;;
+ 
++  -runstatedir | --runstatedir | --runstatedi | --runstated \
++  | --runstate | --runstat | --runsta | --runst | --runs \
++  | --run | --ru | --r)
++    ac_prev=runstatedir ;;
++  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
++  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
++  | --run=* | --ru=* | --r=*)
++    runstatedir=$ac_optarg ;;
++
+   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+     ac_prev=sbindir ;;
+   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+@@ -1246,7 +1256,7 @@ fi
+ for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ 		datadir sysconfdir sharedstatedir localstatedir includedir \
+ 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+-		libdir localedir mandir
++		libdir localedir mandir runstatedir
+ do
+   eval ac_val=\$$ac_var
+   # Remove trailing slashes.
+@@ -1399,6 +1409,7 @@ Fine tuning of the installation directories:
+   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
++  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
+   --libdir=DIR            object code libraries [EPREFIX/lib]
+   --includedir=DIR        C header files [PREFIX/include]
+   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+@@ -2472,8 +2483,8 @@ ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+ 
+ 
+ 
+-# expand $ac_aux_dir to an absolute path
+-am_aux_dir=`cd $ac_aux_dir && pwd`
++# Expand $ac_aux_dir to an absolute path.
++am_aux_dir=`cd "$ac_aux_dir" && pwd`
+ 
+ ac_ext=c
+ ac_cpp='$CPP $CPPFLAGS'
+@@ -3783,7 +3794,7 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; }
+ 
+ 
+ 
+-am__api_version='1.14'
++am__api_version='1.15'
+ 
+ # Find a good install program.  We prefer a C program (faster),
+ # so one script is as good as another.  But avoid the broken or
+@@ -3972,7 +3983,7 @@ else
+ $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
+ fi
+ 
+-if test x"${install_sh}" != xset; then
++if test x"${install_sh+set}" != xset; then
+   case $am_aux_dir in
+   *\ * | *\	*)
+     install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+@@ -4363,8 +4374,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+ # <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+ mkdir_p='$(MKDIR_P)'
+ 
+-# We need awk for the "check" target.  The system "awk" is bad on
+-# some platforms.
++# We need awk for the "check" target (and possibly the TAP driver).  The
++# system "awk" is bad on some platforms.
+ # Always define AMTAR for backward compatibility.  Yes, it's still used
+ # in the wild :-(  We should find a proper way to deprecate it ...
+ AMTAR='$${TAR-tar}'
+@@ -4549,6 +4560,7 @@ END
+     as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
+   fi
+ fi
++
+ if test -n "$ac_tool_prefix"; then
+   for ac_prog in ar lib "link -lib"
+   do
+@@ -12494,47 +12506,6 @@ $as_echo "no" >&6; }
+ fi
+ 
+ 
+-  # Extract the first word of "rm", so it can be a program name with args.
+-set dummy rm; ac_word=$2
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+-$as_echo_n "checking for $ac_word... " >&6; }
+-if ${ac_cv_path_RM+:} false; then :
+-  $as_echo_n "(cached) " >&6
+-else
+-  case $RM in
+-  [\\/]* | ?:[\\/]*)
+-  ac_cv_path_RM="$RM" # Let the user override the test with a path.
+-  ;;
+-  *)
+-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+-  IFS=$as_save_IFS
+-  test -z "$as_dir" && as_dir=.
+-    for ac_exec_ext in '' $ac_executable_extensions; do
+-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+-    ac_cv_path_RM="$as_dir/$ac_word$ac_exec_ext"
+-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+-    break 2
+-  fi
+-done
+-  done
+-IFS=$as_save_IFS
+-
+-  test -z "$ac_cv_path_RM" && ac_cv_path_RM="rm"
+-  ;;
+-esac
+-fi
+-RM=$ac_cv_path_RM
+-if test -n "$RM"; then
+-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RM" >&5
+-$as_echo "$RM" >&6; }
+-else
+-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-
+-
+   # Extract the first word of "mv", so it can be a program name with args.
+ set dummy mv; ac_word=$2
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+@@ -16204,15 +16175,162 @@ $as_echo "#define HAVE_IPv6 1" >>confdefs.h
+ 
+ 
+ if test -z "$USE_SYSTEM_SHARED_LIB_TRUE"; then :
+-  else
++
++    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sodium_init in -lsodium" >&5
++$as_echo_n "checking for sodium_init in -lsodium... " >&6; }
++if ${ac_cv_lib_sodium_sodium_init+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  ac_check_lib_save_LIBS=$LIBS
++LIBS="-lsodium  $LIBS"
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char sodium_init ();
++int
++main ()
++{
++return sodium_init ();
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  ac_cv_lib_sodium_sodium_init=yes
++else
++  ac_cv_lib_sodium_sodium_init=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sodium_sodium_init" >&5
++$as_echo "$ac_cv_lib_sodium_sodium_init" >&6; }
++if test "x$ac_cv_lib_sodium_sodium_init" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_LIBSODIUM 1
++_ACEOF
++
++  LIBS="-lsodium $LIBS"
++
++else
++
++       as_fn_error $? "Couldn't find libsodium. Try installing libsodium-dev[el]." "$LINENO" 5
++
++fi
++
++
++else
+   subdirs="$subdirs libsodium"
+ 
+ fi
+ 
+-ac_config_files="$ac_config_files shadowsocks-libev.pc Makefile libcork/Makefile libipset/Makefile src/Makefile"
++ac_config_files="$ac_config_files shadowsocks-libev.pc Makefile libcork/Makefile libipset/Makefile src/Makefile server/Makefile"
+ 
+ if test -z "$USE_SYSTEM_SHARED_LIB_TRUE"; then :
+-  else
++
++    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dns_dnlen in -ludns" >&5
++$as_echo_n "checking for dns_dnlen in -ludns... " >&6; }
++if ${ac_cv_lib_udns_dns_dnlen+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  ac_check_lib_save_LIBS=$LIBS
++LIBS="-ludns  $LIBS"
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char dns_dnlen ();
++int
++main ()
++{
++return dns_dnlen ();
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  ac_cv_lib_udns_dns_dnlen=yes
++else
++  ac_cv_lib_udns_dns_dnlen=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_udns_dns_dnlen" >&5
++$as_echo "$ac_cv_lib_udns_dns_dnlen" >&6; }
++if test "x$ac_cv_lib_udns_dns_dnlen" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_LIBUDNS 1
++_ACEOF
++
++  LIBS="-ludns $LIBS"
++
++else
++  as_fn_error $? "Couldn't find libudns. Try installing libudns-dev or udns-devel." "$LINENO" 5
++fi
++
++    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ev_loop_destroy in -lev" >&5
++$as_echo_n "checking for ev_loop_destroy in -lev... " >&6; }
++if ${ac_cv_lib_ev_ev_loop_destroy+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  ac_check_lib_save_LIBS=$LIBS
++LIBS="-lev  $LIBS"
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char ev_loop_destroy ();
++int
++main ()
++{
++return ev_loop_destroy ();
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  ac_cv_lib_ev_ev_loop_destroy=yes
++else
++  ac_cv_lib_ev_ev_loop_destroy=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ev_ev_loop_destroy" >&5
++$as_echo "$ac_cv_lib_ev_ev_loop_destroy" >&6; }
++if test "x$ac_cv_lib_ev_ev_loop_destroy" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_LIBEV 1
++_ACEOF
++
++  LIBS="-lev $LIBS"
++
++else
++  as_fn_error $? "Couldn't find libev. Try installing libev-dev[el]." "$LINENO" 5
++fi
++
++
++else
+   ac_config_files="$ac_config_files libudns/Makefile libev/Makefile"
+ 
+ fi
+@@ -17258,6 +17376,7 @@ do
+     "libcork/Makefile") CONFIG_FILES="$CONFIG_FILES libcork/Makefile" ;;
+     "libipset/Makefile") CONFIG_FILES="$CONFIG_FILES libipset/Makefile" ;;
+     "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
++    "server/Makefile") CONFIG_FILES="$CONFIG_FILES server/Makefile" ;;
+     "libudns/Makefile") CONFIG_FILES="$CONFIG_FILES libudns/Makefile" ;;
+     "libev/Makefile") CONFIG_FILES="$CONFIG_FILES libev/Makefile" ;;
+     "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+@@ -17958,8 +18077,8 @@ $as_echo X"$file" |
+     fi
+ 
+     cfgfile="${ofile}T"
+-    trap "$RM -f \"$cfgfile\"; exit 1" 1 2 15
+-    $RM -f "$cfgfile"
++    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
++    $RM "$cfgfile"
+ 
+     cat <<_LT_EOF >> "$cfgfile"
+ #! $SHELL
+diff --git a/configure.ac b/configure.ac
+index 6586f2b..f9c51ab 100755
+--- a/configure.ac
++++ b/configure.ac
+@@ -315,7 +315,8 @@ AC_CONFIG_FILES([ shadowsocks-libev.pc
+                  Makefile
+                  libcork/Makefile
+                  libipset/Makefile
+-                 src/Makefile])
++                 src/Makefile
++		 server/Makefile])
+ AM_COND_IF([USE_SYSTEM_SHARED_LIB],[
+     AC_CHECK_LIB([udns], [dns_dnlen], ,[AC_MSG_ERROR([Couldn't find libudns. Try installing libudns-dev or udns-devel.])])
+     AC_CHECK_LIB([ev], [ev_loop_destroy], ,[AC_MSG_ERROR([Couldn't find libev. Try installing libev-dev@<:@el@:>@.])])
+diff --git a/server/Makefile.am b/server/Makefile.am
+new file mode 100644
+index 0000000..3ae8bc2
+--- /dev/null
++++ b/server/Makefile.am
+@@ -0,0 +1,55 @@
++VERSION_INFO = 2:0:0
++
++AM_CFLAGS = -g -O2 -Wall -Werror -Wno-deprecated-declarations -fno-strict-aliasing -std=gnu99 -D_GNU_SOURCE
++AM_CFLAGS += $(PTHREAD_CFLAGS)
++if !USE_SYSTEM_SHARED_LIB
++AM_CFLAGS += -I$(top_srcdir)/libev
++AM_CFLAGS += -I$(top_srcdir)/libudns
++AM_CFLAGS += -I$(top_srcdir)/libsodium/src/libsodium/include
++endif
++AM_CFLAGS += -I$(top_srcdir)/libipset/include
++AM_CFLAGS += -I$(top_srcdir)/libcork/include
++AM_CFLAGS += $(LIBPCRE_CFLAGS)
++
++SS_COMMON_LIBS = $(top_builddir)/libipset/libipset.la \
++                 $(top_builddir)/libcork/libcork.la \
++                 $(INET_NTOP_LIB) $(LIBPCRE_LIBS)
++if USE_SYSTEM_SHARED_LIB
++SS_COMMON_LIBS += -lev -lsodium -lm
++else
++SS_COMMON_LIBS += $(top_builddir)/libev/libev.la \
++                  $(top_builddir)/libsodium/src/libsodium/libsodium.la
++endif
++
++bin_PROGRAMS = ss-server ss-check
++
++sni_src = http.c \
++          tls.c \
++          rule.c
++
++ss_check_SOURCES = check.c 
++
++ss_server_SOURCES = utils.c \
++                    netutils.c \
++                    jconf.c \
++                    json.c \
++                    encrypt.c \
++                    udprelay.c \
++                    cache.c \
++                    acl.c \
++                    resolv.c \
++                    server.c \
++                    $(sni_src)
++
++
++ss_check_LDADD = $(SS_COMMON_LIBS)
++ss_server_LDADD = $(SS_COMMON_LIBS)
++
++if USE_SYSTEM_SHARED_LIB
++ss_server_LDADD += -ludns
++else
++ss_server_LDADD += $(top_builddir)/libudns/libudns.la
++endif
++
++ss_check_CFLAGS = $(AM_CFLAGS) 
++ss_server_CFLAGS = $(AM_CFLAGS) -DMODULE_REMOTE
+diff --git a/server/Makefile.in b/server/Makefile.in
+new file mode 100644
+index 0000000..3bfa53e
+--- /dev/null
++++ b/server/Makefile.in
+@@ -0,0 +1,919 @@
++# Makefile.in generated by automake 1.15 from Makefile.am.
++# @configure_input@
++
++# Copyright (C) 1994-2014 Free Software Foundation, Inc.
++
++# This Makefile.in is free software; the Free Software Foundation
++# gives unlimited permission to copy and/or distribute it,
++# with or without modifications, as long as this notice is preserved.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
++# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
++# PARTICULAR PURPOSE.
++
++@SET_MAKE@
++
++VPATH = @srcdir@
++am__is_gnu_make = { \
++  if test -z '$(MAKELEVEL)'; then \
++    false; \
++  elif test -n '$(MAKE_HOST)'; then \
++    true; \
++  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
++    true; \
++  else \
++    false; \
++  fi; \
++}
++am__make_running_with_option = \
++  case $${target_option-} in \
++      ?) ;; \
++      *) echo "am__make_running_with_option: internal error: invalid" \
++              "target option '$${target_option-}' specified" >&2; \
++         exit 1;; \
++  esac; \
++  has_opt=no; \
++  sane_makeflags=$$MAKEFLAGS; \
++  if $(am__is_gnu_make); then \
++    sane_makeflags=$$MFLAGS; \
++  else \
++    case $$MAKEFLAGS in \
++      *\\[\ \	]*) \
++        bs=\\; \
++        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
++          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
++    esac; \
++  fi; \
++  skip_next=no; \
++  strip_trailopt () \
++  { \
++    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
++  }; \
++  for flg in $$sane_makeflags; do \
++    test $$skip_next = yes && { skip_next=no; continue; }; \
++    case $$flg in \
++      *=*|--*) continue;; \
++        -*I) strip_trailopt 'I'; skip_next=yes;; \
++      -*I?*) strip_trailopt 'I';; \
++        -*O) strip_trailopt 'O'; skip_next=yes;; \
++      -*O?*) strip_trailopt 'O';; \
++        -*l) strip_trailopt 'l'; skip_next=yes;; \
++      -*l?*) strip_trailopt 'l';; \
++      -[dEDm]) skip_next=yes;; \
++      -[JT]) skip_next=yes;; \
++    esac; \
++    case $$flg in \
++      *$$target_option*) has_opt=yes; break;; \
++    esac; \
++  done; \
++  test $$has_opt = yes
++am__make_dryrun = (target_option=n; $(am__make_running_with_option))
++am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
++pkgdatadir = $(datadir)/@PACKAGE@
++pkgincludedir = $(includedir)/@PACKAGE@
++pkglibdir = $(libdir)/@PACKAGE@
++pkglibexecdir = $(libexecdir)/@PACKAGE@
++am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
++install_sh_DATA = $(install_sh) -c -m 644
++install_sh_PROGRAM = $(install_sh) -c
++install_sh_SCRIPT = $(install_sh) -c
++INSTALL_HEADER = $(INSTALL_DATA)
++transform = $(program_transform_name)
++NORMAL_INSTALL = :
++PRE_INSTALL = :
++POST_INSTALL = :
++NORMAL_UNINSTALL = :
++PRE_UNINSTALL = :
++POST_UNINSTALL = :
++build_triplet = @build@
++host_triplet = @host@
++@USE_SYSTEM_SHARED_LIB_FALSE@am__append_1 = -I$(top_srcdir)/libev \
++@USE_SYSTEM_SHARED_LIB_FALSE@	-I$(top_srcdir)/libudns \
++@USE_SYSTEM_SHARED_LIB_FALSE@	-I$(top_srcdir)/libsodium/src/libsodium/include
++@USE_SYSTEM_SHARED_LIB_TRUE@am__append_2 = -lev -lsodium -lm
++@USE_SYSTEM_SHARED_LIB_FALSE@am__append_3 = $(top_builddir)/libev/libev.la \
++@USE_SYSTEM_SHARED_LIB_FALSE@                  $(top_builddir)/libsodium/src/libsodium/libsodium.la
++
++bin_PROGRAMS = ss-server$(EXEEXT) ss-check$(EXEEXT)
++@USE_SYSTEM_SHARED_LIB_TRUE@am__append_4 = -ludns
++@USE_SYSTEM_SHARED_LIB_FALSE@am__append_5 = $(top_builddir)/libudns/libudns.la
++subdir = server
++ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
++am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \
++	$(top_srcdir)/m4/ax_tls.m4 $(top_srcdir)/m4/inet_ntop.m4 \
++	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
++	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
++	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mbedtls.m4 \
++	$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/pcre.m4 \
++	$(top_srcdir)/m4/polarssl.m4 \
++	$(top_srcdir)/m4/stack-protector.m4 $(top_srcdir)/m4/zlib.m4 \
++	$(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac
++am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
++	$(ACLOCAL_M4)
++DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
++mkinstalldirs = $(install_sh) -d
++CONFIG_HEADER = $(top_builddir)/config.h
++CONFIG_CLEAN_FILES =
++CONFIG_CLEAN_VPATH_FILES =
++am__installdirs = "$(DESTDIR)$(bindir)"
++PROGRAMS = $(bin_PROGRAMS)
++am_ss_check_OBJECTS = ss_check-check.$(OBJEXT)
++ss_check_OBJECTS = $(am_ss_check_OBJECTS)
++am__DEPENDENCIES_1 =
++am__DEPENDENCIES_2 = $(top_builddir)/libipset/libipset.la \
++	$(top_builddir)/libcork/libcork.la $(am__DEPENDENCIES_1) \
++	$(am__DEPENDENCIES_1) $(am__append_3)
++ss_check_DEPENDENCIES = $(am__DEPENDENCIES_2)
++AM_V_lt = $(am__v_lt_@AM_V@)
++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
++am__v_lt_0 = --silent
++am__v_lt_1 = 
++ss_check_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
++	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(ss_check_CFLAGS) \
++	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
++am__objects_1 = ss_server-http.$(OBJEXT) ss_server-tls.$(OBJEXT) \
++	ss_server-rule.$(OBJEXT)
++am_ss_server_OBJECTS = ss_server-utils.$(OBJEXT) \
++	ss_server-netutils.$(OBJEXT) ss_server-jconf.$(OBJEXT) \
++	ss_server-json.$(OBJEXT) ss_server-encrypt.$(OBJEXT) \
++	ss_server-udprelay.$(OBJEXT) ss_server-cache.$(OBJEXT) \
++	ss_server-acl.$(OBJEXT) ss_server-resolv.$(OBJEXT) \
++	ss_server-server.$(OBJEXT) $(am__objects_1)
++ss_server_OBJECTS = $(am_ss_server_OBJECTS)
++ss_server_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
++	$(am__append_5)
++ss_server_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
++	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(ss_server_CFLAGS) \
++	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
++AM_V_P = $(am__v_P_@AM_V@)
++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
++am__v_P_0 = false
++am__v_P_1 = :
++AM_V_GEN = $(am__v_GEN_@AM_V@)
++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
++am__v_GEN_0 = @echo "  GEN     " $@;
++am__v_GEN_1 = 
++AM_V_at = $(am__v_at_@AM_V@)
++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
++am__v_at_0 = @
++am__v_at_1 = 
++DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
++depcomp = $(SHELL) $(top_srcdir)/auto/depcomp
++am__depfiles_maybe = depfiles
++am__mv = mv -f
++COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
++	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
++	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
++	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
++	$(AM_CFLAGS) $(CFLAGS)
++AM_V_CC = $(am__v_CC_@AM_V@)
++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
++am__v_CC_0 = @echo "  CC      " $@;
++am__v_CC_1 = 
++CCLD = $(CC)
++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
++	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
++	$(AM_LDFLAGS) $(LDFLAGS) -o $@
++AM_V_CCLD = $(am__v_CCLD_@AM_V@)
++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
++am__v_CCLD_0 = @echo "  CCLD    " $@;
++am__v_CCLD_1 = 
++SOURCES = $(ss_check_SOURCES) $(ss_server_SOURCES)
++DIST_SOURCES = $(ss_check_SOURCES) $(ss_server_SOURCES)
++am__can_run_installinfo = \
++  case $$AM_UPDATE_INFO_DIR in \
++    n|no|NO) false;; \
++    *) (install-info --version) >/dev/null 2>&1;; \
++  esac
++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
++# Read a list of newline-separated strings from the standard input,
++# and print each of them once, without duplicates.  Input order is
++# *not* preserved.
++am__uniquify_input = $(AWK) '\
++  BEGIN { nonempty = 0; } \
++  { items[$$0] = 1; nonempty = 1; } \
++  END { if (nonempty) { for (i in items) print i; }; } \
++'
++# Make sure the list of sources is unique.  This is necessary because,
++# e.g., the same source file might be shared among _SOURCES variables
++# for different programs/libraries.
++am__define_uniq_tagged_files = \
++  list='$(am__tagged_files)'; \
++  unique=`for i in $$list; do \
++    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
++  done | $(am__uniquify_input)`
++ETAGS = etags
++CTAGS = ctags
++am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/auto/depcomp
++DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
++ACLOCAL = @ACLOCAL@
++AMTAR = @AMTAR@
++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
++AR = @AR@
++ASCIIDOC = @ASCIIDOC@
++AUTOCONF = @AUTOCONF@
++AUTOHEADER = @AUTOHEADER@
++AUTOMAKE = @AUTOMAKE@
++AWK = @AWK@
++CC = @CC@
++CCDEPMODE = @CCDEPMODE@
++CFLAGS = @CFLAGS@
++CPP = @CPP@
++CPPFLAGS = @CPPFLAGS@
++CYGPATH_W = @CYGPATH_W@
++DEFS = @DEFS@
++DEPDIR = @DEPDIR@
++DLLTOOL = @DLLTOOL@
++DSYMUTIL = @DSYMUTIL@
++DUMPBIN = @DUMPBIN@
++ECHO_C = @ECHO_C@
++ECHO_N = @ECHO_N@
++ECHO_T = @ECHO_T@
++EGREP = @EGREP@
++EXEEXT = @EXEEXT@
++FGREP = @FGREP@
++GREP = @GREP@
++GZIP = @GZIP@
++INET_NTOP_LIB = @INET_NTOP_LIB@
++INSTALL = @INSTALL@
++INSTALL_DATA = @INSTALL_DATA@
++INSTALL_PROGRAM = @INSTALL_PROGRAM@
++INSTALL_SCRIPT = @INSTALL_SCRIPT@
++INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
++LD = @LD@
++LDFLAGS = @LDFLAGS@
++LIBOBJS = @LIBOBJS@
++LIBPCRE = @LIBPCRE@
++LIBS = @LIBS@
++LIBTOOL = @LIBTOOL@
++LIPO = @LIPO@
++LN_S = @LN_S@
++LTLIBOBJS = @LTLIBOBJS@
++MAINT = @MAINT@
++MAKEINFO = @MAKEINFO@
++MANIFEST_TOOL = @MANIFEST_TOOL@
++MKDIR_P = @MKDIR_P@
++MV = @MV@
++NM = @NM@
++NMEDIT = @NMEDIT@
++OBJDUMP = @OBJDUMP@
++OBJEXT = @OBJEXT@
++OTOOL = @OTOOL@
++OTOOL64 = @OTOOL64@
++PACKAGE = @PACKAGE@
++PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
++PACKAGE_NAME = @PACKAGE_NAME@
++PACKAGE_STRING = @PACKAGE_STRING@
++PACKAGE_TARNAME = @PACKAGE_TARNAME@
++PACKAGE_URL = @PACKAGE_URL@
++PACKAGE_VERSION = @PACKAGE_VERSION@
++PATH_SEPARATOR = @PATH_SEPARATOR@
++PCRE_CONFIG = @PCRE_CONFIG@
++PTHREAD_CC = @PTHREAD_CC@
++PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
++PTHREAD_LIBS = @PTHREAD_LIBS@
++RANLIB = @RANLIB@
++SED = @SED@
++SET_MAKE = @SET_MAKE@
++SHELL = @SHELL@
++STRIP = @STRIP@
++VERSION = @VERSION@
++XMLTO = @XMLTO@
++abs_builddir = @abs_builddir@
++abs_srcdir = @abs_srcdir@
++abs_top_builddir = @abs_top_builddir@
++abs_top_srcdir = @abs_top_srcdir@
++ac_ct_AR = @ac_ct_AR@
++ac_ct_CC = @ac_ct_CC@
++ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
++am__include = @am__include@
++am__leading_dot = @am__leading_dot@
++am__quote = @am__quote@
++am__tar = @am__tar@
++am__untar = @am__untar@
++ax_pthread_config = @ax_pthread_config@
++bindir = @bindir@
++build = @build@
++build_alias = @build_alias@
++build_cpu = @build_cpu@
++build_os = @build_os@
++build_vendor = @build_vendor@
++builddir = @builddir@
++datadir = @datadir@
++datarootdir = @datarootdir@
++docdir = @docdir@
++dvidir = @dvidir@
++exec_prefix = @exec_prefix@
++host = @host@
++host_alias = @host_alias@
++host_cpu = @host_cpu@
++host_os = @host_os@
++host_vendor = @host_vendor@
++htmldir = @htmldir@
++includedir = @includedir@
++infodir = @infodir@
++install_sh = @install_sh@
++libdir = @libdir@
++libexecdir = @libexecdir@
++localedir = @localedir@
++localstatedir = @localstatedir@
++mandir = @mandir@
++mkdir_p = @mkdir_p@
++oldincludedir = @oldincludedir@
++pcre_pcreh = @pcre_pcreh@
++pcreh = @pcreh@
++pdfdir = @pdfdir@
++prefix = @prefix@
++program_transform_name = @program_transform_name@
++psdir = @psdir@
++runstatedir = @runstatedir@
++sbindir = @sbindir@
++sharedstatedir = @sharedstatedir@
++srcdir = @srcdir@
++subdirs = @subdirs@
++sysconfdir = @sysconfdir@
++target_alias = @target_alias@
++top_build_prefix = @top_build_prefix@
++top_builddir = @top_builddir@
++top_srcdir = @top_srcdir@
++VERSION_INFO = 2:0:0
++AM_CFLAGS = -g -O2 -Wall -Werror -Wno-deprecated-declarations \
++	-fno-strict-aliasing -std=gnu99 -D_GNU_SOURCE \
++	$(PTHREAD_CFLAGS) $(am__append_1) \
++	-I$(top_srcdir)/libipset/include \
++	-I$(top_srcdir)/libcork/include $(LIBPCRE_CFLAGS)
++SS_COMMON_LIBS = $(top_builddir)/libipset/libipset.la \
++	$(top_builddir)/libcork/libcork.la $(INET_NTOP_LIB) \
++	$(LIBPCRE_LIBS) $(am__append_2) $(am__append_3)
++sni_src = http.c \
++          tls.c \
++          rule.c
++
++ss_check_SOURCES = check.c 
++ss_server_SOURCES = utils.c \
++                    netutils.c \
++                    jconf.c \
++                    json.c \
++                    encrypt.c \
++                    udprelay.c \
++                    cache.c \
++                    acl.c \
++                    resolv.c \
++                    server.c \
++                    $(sni_src)
++
++ss_check_LDADD = $(SS_COMMON_LIBS)
++ss_server_LDADD = $(SS_COMMON_LIBS) $(am__append_4) $(am__append_5)
++ss_check_CFLAGS = $(AM_CFLAGS) 
++ss_server_CFLAGS = $(AM_CFLAGS) -DMODULE_REMOTE
++all: all-am
++
++.SUFFIXES:
++.SUFFIXES: .c .lo .o .obj
++$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
++	@for dep in $?; do \
++	  case '$(am__configure_deps)' in \
++	    *$$dep*) \
++	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
++	        && { if test -f $@; then exit 0; else break; fi; }; \
++	      exit 1;; \
++	  esac; \
++	done; \
++	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign server/Makefile'; \
++	$(am__cd) $(top_srcdir) && \
++	  $(AUTOMAKE) --foreign server/Makefile
++Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
++	@case '$?' in \
++	  *config.status*) \
++	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
++	  *) \
++	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
++	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
++	esac;
++
++$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
++	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
++
++$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
++	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
++$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
++	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
++$(am__aclocal_m4_deps):
++install-binPROGRAMS: $(bin_PROGRAMS)
++	@$(NORMAL_INSTALL)
++	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
++	if test -n "$$list"; then \
++	  echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
++	  $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
++	fi; \
++	for p in $$list; do echo "$$p $$p"; done | \
++	sed 's/$(EXEEXT)$$//' | \
++	while read p p1; do if test -f $$p \
++	 || test -f $$p1 \
++	  ; then echo "$$p"; echo "$$p"; else :; fi; \
++	done | \
++	sed -e 'p;s,.*/,,;n;h' \
++	    -e 's|.*|.|' \
++	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
++	sed 'N;N;N;s,\n, ,g' | \
++	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
++	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
++	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
++	    else { print "f", $$3 "/" $$4, $$1; } } \
++	  END { for (d in files) print "f", d, files[d] }' | \
++	while read type dir files; do \
++	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
++	    test -z "$$files" || { \
++	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
++	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
++	    } \
++	; done
++
++uninstall-binPROGRAMS:
++	@$(NORMAL_UNINSTALL)
++	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
++	files=`for p in $$list; do echo "$$p"; done | \
++	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
++	      -e 's/$$/$(EXEEXT)/' \
++	`; \
++	test -n "$$list" || exit 0; \
++	echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
++	cd "$(DESTDIR)$(bindir)" && rm -f $$files
++
++clean-binPROGRAMS:
++	@list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
++	echo " rm -f" $$list; \
++	rm -f $$list || exit $$?; \
++	test -n "$(EXEEXT)" || exit 0; \
++	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
++	echo " rm -f" $$list; \
++	rm -f $$list
++
++ss-check$(EXEEXT): $(ss_check_OBJECTS) $(ss_check_DEPENDENCIES) $(EXTRA_ss_check_DEPENDENCIES) 
++	@rm -f ss-check$(EXEEXT)
++	$(AM_V_CCLD)$(ss_check_LINK) $(ss_check_OBJECTS) $(ss_check_LDADD) $(LIBS)
++
++ss-server$(EXEEXT): $(ss_server_OBJECTS) $(ss_server_DEPENDENCIES) $(EXTRA_ss_server_DEPENDENCIES) 
++	@rm -f ss-server$(EXEEXT)
++	$(AM_V_CCLD)$(ss_server_LINK) $(ss_server_OBJECTS) $(ss_server_LDADD) $(LIBS)
++
++mostlyclean-compile:
++	-rm -f *.$(OBJEXT)
++
++distclean-compile:
++	-rm -f *.tab.c
++
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_check-check.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-acl.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-cache.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-encrypt.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-http.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-jconf.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-json.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-netutils.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-resolv.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-rule.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-server.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-tls.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-udprelay.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_server-utils.Po@am__quote@
++
++.c.o:
++@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
++@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
++@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
++
++.c.obj:
++@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
++@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
++@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
++
++.c.lo:
++@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
++@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
++@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
++
++ss_check-check.o: check.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_check_CFLAGS) $(CFLAGS) -MT ss_check-check.o -MD -MP -MF $(DEPDIR)/ss_check-check.Tpo -c -o ss_check-check.o `test -f 'check.c' || echo '$(srcdir)/'`check.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_check-check.Tpo $(DEPDIR)/ss_check-check.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='check.c' object='ss_check-check.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_check_CFLAGS) $(CFLAGS) -c -o ss_check-check.o `test -f 'check.c' || echo '$(srcdir)/'`check.c
++
++ss_check-check.obj: check.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_check_CFLAGS) $(CFLAGS) -MT ss_check-check.obj -MD -MP -MF $(DEPDIR)/ss_check-check.Tpo -c -o ss_check-check.obj `if test -f 'check.c'; then $(CYGPATH_W) 'check.c'; else $(CYGPATH_W) '$(srcdir)/check.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_check-check.Tpo $(DEPDIR)/ss_check-check.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='check.c' object='ss_check-check.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_check_CFLAGS) $(CFLAGS) -c -o ss_check-check.obj `if test -f 'check.c'; then $(CYGPATH_W) 'check.c'; else $(CYGPATH_W) '$(srcdir)/check.c'; fi`
++
++ss_server-utils.o: utils.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-utils.o -MD -MP -MF $(DEPDIR)/ss_server-utils.Tpo -c -o ss_server-utils.o `test -f 'utils.c' || echo '$(srcdir)/'`utils.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-utils.Tpo $(DEPDIR)/ss_server-utils.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utils.c' object='ss_server-utils.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-utils.o `test -f 'utils.c' || echo '$(srcdir)/'`utils.c
++
++ss_server-utils.obj: utils.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-utils.obj -MD -MP -MF $(DEPDIR)/ss_server-utils.Tpo -c -o ss_server-utils.obj `if test -f 'utils.c'; then $(CYGPATH_W) 'utils.c'; else $(CYGPATH_W) '$(srcdir)/utils.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-utils.Tpo $(DEPDIR)/ss_server-utils.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utils.c' object='ss_server-utils.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-utils.obj `if test -f 'utils.c'; then $(CYGPATH_W) 'utils.c'; else $(CYGPATH_W) '$(srcdir)/utils.c'; fi`
++
++ss_server-netutils.o: netutils.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-netutils.o -MD -MP -MF $(DEPDIR)/ss_server-netutils.Tpo -c -o ss_server-netutils.o `test -f 'netutils.c' || echo '$(srcdir)/'`netutils.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-netutils.Tpo $(DEPDIR)/ss_server-netutils.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='netutils.c' object='ss_server-netutils.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-netutils.o `test -f 'netutils.c' || echo '$(srcdir)/'`netutils.c
++
++ss_server-netutils.obj: netutils.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-netutils.obj -MD -MP -MF $(DEPDIR)/ss_server-netutils.Tpo -c -o ss_server-netutils.obj `if test -f 'netutils.c'; then $(CYGPATH_W) 'netutils.c'; else $(CYGPATH_W) '$(srcdir)/netutils.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-netutils.Tpo $(DEPDIR)/ss_server-netutils.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='netutils.c' object='ss_server-netutils.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-netutils.obj `if test -f 'netutils.c'; then $(CYGPATH_W) 'netutils.c'; else $(CYGPATH_W) '$(srcdir)/netutils.c'; fi`
++
++ss_server-jconf.o: jconf.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-jconf.o -MD -MP -MF $(DEPDIR)/ss_server-jconf.Tpo -c -o ss_server-jconf.o `test -f 'jconf.c' || echo '$(srcdir)/'`jconf.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-jconf.Tpo $(DEPDIR)/ss_server-jconf.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='jconf.c' object='ss_server-jconf.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-jconf.o `test -f 'jconf.c' || echo '$(srcdir)/'`jconf.c
++
++ss_server-jconf.obj: jconf.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-jconf.obj -MD -MP -MF $(DEPDIR)/ss_server-jconf.Tpo -c -o ss_server-jconf.obj `if test -f 'jconf.c'; then $(CYGPATH_W) 'jconf.c'; else $(CYGPATH_W) '$(srcdir)/jconf.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-jconf.Tpo $(DEPDIR)/ss_server-jconf.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='jconf.c' object='ss_server-jconf.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-jconf.obj `if test -f 'jconf.c'; then $(CYGPATH_W) 'jconf.c'; else $(CYGPATH_W) '$(srcdir)/jconf.c'; fi`
++
++ss_server-json.o: json.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-json.o -MD -MP -MF $(DEPDIR)/ss_server-json.Tpo -c -o ss_server-json.o `test -f 'json.c' || echo '$(srcdir)/'`json.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-json.Tpo $(DEPDIR)/ss_server-json.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='json.c' object='ss_server-json.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-json.o `test -f 'json.c' || echo '$(srcdir)/'`json.c
++
++ss_server-json.obj: json.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-json.obj -MD -MP -MF $(DEPDIR)/ss_server-json.Tpo -c -o ss_server-json.obj `if test -f 'json.c'; then $(CYGPATH_W) 'json.c'; else $(CYGPATH_W) '$(srcdir)/json.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-json.Tpo $(DEPDIR)/ss_server-json.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='json.c' object='ss_server-json.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-json.obj `if test -f 'json.c'; then $(CYGPATH_W) 'json.c'; else $(CYGPATH_W) '$(srcdir)/json.c'; fi`
++
++ss_server-encrypt.o: encrypt.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-encrypt.o -MD -MP -MF $(DEPDIR)/ss_server-encrypt.Tpo -c -o ss_server-encrypt.o `test -f 'encrypt.c' || echo '$(srcdir)/'`encrypt.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-encrypt.Tpo $(DEPDIR)/ss_server-encrypt.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='encrypt.c' object='ss_server-encrypt.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-encrypt.o `test -f 'encrypt.c' || echo '$(srcdir)/'`encrypt.c
++
++ss_server-encrypt.obj: encrypt.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-encrypt.obj -MD -MP -MF $(DEPDIR)/ss_server-encrypt.Tpo -c -o ss_server-encrypt.obj `if test -f 'encrypt.c'; then $(CYGPATH_W) 'encrypt.c'; else $(CYGPATH_W) '$(srcdir)/encrypt.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-encrypt.Tpo $(DEPDIR)/ss_server-encrypt.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='encrypt.c' object='ss_server-encrypt.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-encrypt.obj `if test -f 'encrypt.c'; then $(CYGPATH_W) 'encrypt.c'; else $(CYGPATH_W) '$(srcdir)/encrypt.c'; fi`
++
++ss_server-udprelay.o: udprelay.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-udprelay.o -MD -MP -MF $(DEPDIR)/ss_server-udprelay.Tpo -c -o ss_server-udprelay.o `test -f 'udprelay.c' || echo '$(srcdir)/'`udprelay.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-udprelay.Tpo $(DEPDIR)/ss_server-udprelay.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='udprelay.c' object='ss_server-udprelay.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-udprelay.o `test -f 'udprelay.c' || echo '$(srcdir)/'`udprelay.c
++
++ss_server-udprelay.obj: udprelay.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-udprelay.obj -MD -MP -MF $(DEPDIR)/ss_server-udprelay.Tpo -c -o ss_server-udprelay.obj `if test -f 'udprelay.c'; then $(CYGPATH_W) 'udprelay.c'; else $(CYGPATH_W) '$(srcdir)/udprelay.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-udprelay.Tpo $(DEPDIR)/ss_server-udprelay.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='udprelay.c' object='ss_server-udprelay.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-udprelay.obj `if test -f 'udprelay.c'; then $(CYGPATH_W) 'udprelay.c'; else $(CYGPATH_W) '$(srcdir)/udprelay.c'; fi`
++
++ss_server-cache.o: cache.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-cache.o -MD -MP -MF $(DEPDIR)/ss_server-cache.Tpo -c -o ss_server-cache.o `test -f 'cache.c' || echo '$(srcdir)/'`cache.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-cache.Tpo $(DEPDIR)/ss_server-cache.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cache.c' object='ss_server-cache.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-cache.o `test -f 'cache.c' || echo '$(srcdir)/'`cache.c
++
++ss_server-cache.obj: cache.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-cache.obj -MD -MP -MF $(DEPDIR)/ss_server-cache.Tpo -c -o ss_server-cache.obj `if test -f 'cache.c'; then $(CYGPATH_W) 'cache.c'; else $(CYGPATH_W) '$(srcdir)/cache.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-cache.Tpo $(DEPDIR)/ss_server-cache.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cache.c' object='ss_server-cache.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-cache.obj `if test -f 'cache.c'; then $(CYGPATH_W) 'cache.c'; else $(CYGPATH_W) '$(srcdir)/cache.c'; fi`
++
++ss_server-acl.o: acl.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-acl.o -MD -MP -MF $(DEPDIR)/ss_server-acl.Tpo -c -o ss_server-acl.o `test -f 'acl.c' || echo '$(srcdir)/'`acl.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-acl.Tpo $(DEPDIR)/ss_server-acl.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='acl.c' object='ss_server-acl.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-acl.o `test -f 'acl.c' || echo '$(srcdir)/'`acl.c
++
++ss_server-acl.obj: acl.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-acl.obj -MD -MP -MF $(DEPDIR)/ss_server-acl.Tpo -c -o ss_server-acl.obj `if test -f 'acl.c'; then $(CYGPATH_W) 'acl.c'; else $(CYGPATH_W) '$(srcdir)/acl.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-acl.Tpo $(DEPDIR)/ss_server-acl.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='acl.c' object='ss_server-acl.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-acl.obj `if test -f 'acl.c'; then $(CYGPATH_W) 'acl.c'; else $(CYGPATH_W) '$(srcdir)/acl.c'; fi`
++
++ss_server-resolv.o: resolv.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-resolv.o -MD -MP -MF $(DEPDIR)/ss_server-resolv.Tpo -c -o ss_server-resolv.o `test -f 'resolv.c' || echo '$(srcdir)/'`resolv.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-resolv.Tpo $(DEPDIR)/ss_server-resolv.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='resolv.c' object='ss_server-resolv.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-resolv.o `test -f 'resolv.c' || echo '$(srcdir)/'`resolv.c
++
++ss_server-resolv.obj: resolv.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-resolv.obj -MD -MP -MF $(DEPDIR)/ss_server-resolv.Tpo -c -o ss_server-resolv.obj `if test -f 'resolv.c'; then $(CYGPATH_W) 'resolv.c'; else $(CYGPATH_W) '$(srcdir)/resolv.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-resolv.Tpo $(DEPDIR)/ss_server-resolv.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='resolv.c' object='ss_server-resolv.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-resolv.obj `if test -f 'resolv.c'; then $(CYGPATH_W) 'resolv.c'; else $(CYGPATH_W) '$(srcdir)/resolv.c'; fi`
++
++ss_server-server.o: server.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-server.o -MD -MP -MF $(DEPDIR)/ss_server-server.Tpo -c -o ss_server-server.o `test -f 'server.c' || echo '$(srcdir)/'`server.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-server.Tpo $(DEPDIR)/ss_server-server.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='server.c' object='ss_server-server.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-server.o `test -f 'server.c' || echo '$(srcdir)/'`server.c
++
++ss_server-server.obj: server.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-server.obj -MD -MP -MF $(DEPDIR)/ss_server-server.Tpo -c -o ss_server-server.obj `if test -f 'server.c'; then $(CYGPATH_W) 'server.c'; else $(CYGPATH_W) '$(srcdir)/server.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-server.Tpo $(DEPDIR)/ss_server-server.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='server.c' object='ss_server-server.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-server.obj `if test -f 'server.c'; then $(CYGPATH_W) 'server.c'; else $(CYGPATH_W) '$(srcdir)/server.c'; fi`
++
++ss_server-http.o: http.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-http.o -MD -MP -MF $(DEPDIR)/ss_server-http.Tpo -c -o ss_server-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-http.Tpo $(DEPDIR)/ss_server-http.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='http.c' object='ss_server-http.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
++
++ss_server-http.obj: http.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-http.obj -MD -MP -MF $(DEPDIR)/ss_server-http.Tpo -c -o ss_server-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-http.Tpo $(DEPDIR)/ss_server-http.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='http.c' object='ss_server-http.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
++
++ss_server-tls.o: tls.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-tls.o -MD -MP -MF $(DEPDIR)/ss_server-tls.Tpo -c -o ss_server-tls.o `test -f 'tls.c' || echo '$(srcdir)/'`tls.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-tls.Tpo $(DEPDIR)/ss_server-tls.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls.c' object='ss_server-tls.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-tls.o `test -f 'tls.c' || echo '$(srcdir)/'`tls.c
++
++ss_server-tls.obj: tls.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-tls.obj -MD -MP -MF $(DEPDIR)/ss_server-tls.Tpo -c -o ss_server-tls.obj `if test -f 'tls.c'; then $(CYGPATH_W) 'tls.c'; else $(CYGPATH_W) '$(srcdir)/tls.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-tls.Tpo $(DEPDIR)/ss_server-tls.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls.c' object='ss_server-tls.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-tls.obj `if test -f 'tls.c'; then $(CYGPATH_W) 'tls.c'; else $(CYGPATH_W) '$(srcdir)/tls.c'; fi`
++
++ss_server-rule.o: rule.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-rule.o -MD -MP -MF $(DEPDIR)/ss_server-rule.Tpo -c -o ss_server-rule.o `test -f 'rule.c' || echo '$(srcdir)/'`rule.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-rule.Tpo $(DEPDIR)/ss_server-rule.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='rule.c' object='ss_server-rule.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-rule.o `test -f 'rule.c' || echo '$(srcdir)/'`rule.c
++
++ss_server-rule.obj: rule.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -MT ss_server-rule.obj -MD -MP -MF $(DEPDIR)/ss_server-rule.Tpo -c -o ss_server-rule.obj `if test -f 'rule.c'; then $(CYGPATH_W) 'rule.c'; else $(CYGPATH_W) '$(srcdir)/rule.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ss_server-rule.Tpo $(DEPDIR)/ss_server-rule.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='rule.c' object='ss_server-rule.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_server_CFLAGS) $(CFLAGS) -c -o ss_server-rule.obj `if test -f 'rule.c'; then $(CYGPATH_W) 'rule.c'; else $(CYGPATH_W) '$(srcdir)/rule.c'; fi`
++
++mostlyclean-libtool:
++	-rm -f *.lo
++
++clean-libtool:
++	-rm -rf .libs _libs
++
++ID: $(am__tagged_files)
++	$(am__define_uniq_tagged_files); mkid -fID $$unique
++tags: tags-am
++TAGS: tags
++
++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
++	set x; \
++	here=`pwd`; \
++	$(am__define_uniq_tagged_files); \
++	shift; \
++	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
++	  test -n "$$unique" || unique=$$empty_fix; \
++	  if test $$# -gt 0; then \
++	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
++	      "$$@" $$unique; \
++	  else \
++	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
++	      $$unique; \
++	  fi; \
++	fi
++ctags: ctags-am
++
++CTAGS: ctags
++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
++	$(am__define_uniq_tagged_files); \
++	test -z "$(CTAGS_ARGS)$$unique" \
++	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
++	     $$unique
++
++GTAGS:
++	here=`$(am__cd) $(top_builddir) && pwd` \
++	  && $(am__cd) $(top_srcdir) \
++	  && gtags -i $(GTAGS_ARGS) "$$here"
++cscopelist: cscopelist-am
++
++cscopelist-am: $(am__tagged_files)
++	list='$(am__tagged_files)'; \
++	case "$(srcdir)" in \
++	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
++	  *) sdir=$(subdir)/$(srcdir) ;; \
++	esac; \
++	for i in $$list; do \
++	  if test -f "$$i"; then \
++	    echo "$(subdir)/$$i"; \
++	  else \
++	    echo "$$sdir/$$i"; \
++	  fi; \
++	done >> $(top_builddir)/cscope.files
++
++distclean-tags:
++	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
++
++distdir: $(DISTFILES)
++	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
++	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
++	list='$(DISTFILES)'; \
++	  dist_files=`for file in $$list; do echo $$file; done | \
++	  sed -e "s|^$$srcdirstrip/||;t" \
++	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
++	case $$dist_files in \
++	  */*) $(MKDIR_P) `echo "$$dist_files" | \
++			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
++			   sort -u` ;; \
++	esac; \
++	for file in $$dist_files; do \
++	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
++	  if test -d $$d/$$file; then \
++	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
++	    if test -d "$(distdir)/$$file"; then \
++	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
++	    fi; \
++	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
++	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
++	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
++	    fi; \
++	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
++	  else \
++	    test -f "$(distdir)/$$file" \
++	    || cp -p $$d/$$file "$(distdir)/$$file" \
++	    || exit 1; \
++	  fi; \
++	done
++check-am: all-am
++check: check-am
++all-am: Makefile $(PROGRAMS)
++installdirs:
++	for dir in "$(DESTDIR)$(bindir)"; do \
++	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
++	done
++install: install-am
++install-exec: install-exec-am
++install-data: install-data-am
++uninstall: uninstall-am
++
++install-am: all-am
++	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
++
++installcheck: installcheck-am
++install-strip:
++	if test -z '$(STRIP)'; then \
++	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
++	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
++	      install; \
++	else \
++	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
++	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
++	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
++	fi
++mostlyclean-generic:
++
++clean-generic:
++
++distclean-generic:
++	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
++	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
++
++maintainer-clean-generic:
++	@echo "This command is intended for maintainers to use"
++	@echo "it deletes files that may require special tools to rebuild."
++clean: clean-am
++
++clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
++
++distclean: distclean-am
++	-rm -rf ./$(DEPDIR)
++	-rm -f Makefile
++distclean-am: clean-am distclean-compile distclean-generic \
++	distclean-tags
++
++dvi: dvi-am
++
++dvi-am:
++
++html: html-am
++
++html-am:
++
++info: info-am
++
++info-am:
++
++install-data-am:
++
++install-dvi: install-dvi-am
++
++install-dvi-am:
++
++install-exec-am: install-binPROGRAMS
++
++install-html: install-html-am
++
++install-html-am:
++
++install-info: install-info-am
++
++install-info-am:
++
++install-man:
++
++install-pdf: install-pdf-am
++
++install-pdf-am:
++
++install-ps: install-ps-am
++
++install-ps-am:
++
++installcheck-am:
++
++maintainer-clean: maintainer-clean-am
++	-rm -rf ./$(DEPDIR)
++	-rm -f Makefile
++maintainer-clean-am: distclean-am maintainer-clean-generic
++
++mostlyclean: mostlyclean-am
++
++mostlyclean-am: mostlyclean-compile mostlyclean-generic \
++	mostlyclean-libtool
++
++pdf: pdf-am
++
++pdf-am:
++
++ps: ps-am
++
++ps-am:
++
++uninstall-am: uninstall-binPROGRAMS
++
++.MAKE: install-am install-strip
++
++.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \
++	clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \
++	ctags ctags-am distclean distclean-compile distclean-generic \
++	distclean-libtool distclean-tags distdir dvi dvi-am html \
++	html-am info info-am install install-am install-binPROGRAMS \
++	install-data install-data-am install-dvi install-dvi-am \
++	install-exec install-exec-am install-html install-html-am \
++	install-info install-info-am install-man install-pdf \
++	install-pdf-am install-ps install-ps-am install-strip \
++	installcheck installcheck-am installdirs maintainer-clean \
++	maintainer-clean-generic mostlyclean mostlyclean-compile \
++	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
++	tags tags-am uninstall uninstall-am uninstall-binPROGRAMS
++
++.PRECIOUS: Makefile
++
++
++# Tell versions [3.59,3.63) of GNU make to not export all variables.
++# Otherwise a system limit (for SysV at least) may be exceeded.
++.NOEXPORT:
+diff --git a/server/README.md b/server/README.md
+new file mode 100644
+index 0000000..ef6a20e
+--- /dev/null
++++ b/server/README.md
+@@ -0,0 +1,3 @@
++# server
++
++`ss-server` and `ss-check` from https://github.com/ywb94/shadowsocks-libev
+diff --git a/server/acl.c b/server/acl.c
+new file mode 100644
+index 0000000..60d4b72
+--- /dev/null
++++ b/server/acl.c
+@@ -0,0 +1,597 @@
++/*
++ * acl.c - Manage the ACL (Access Control List)
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#include <ipset/ipset.h>
++#include <ctype.h>
++
++#include "rule.h"
++#include "utils.h"
++#include "cache.h"
++#include "acl.h"
++
++static struct ip_set white_list_ipv4;
++static struct ip_set white_list_ipv6;
++
++static struct ip_set black_list_ipv4;
++static struct ip_set black_list_ipv6;
++
++static struct cork_dllist black_list_rules;
++static struct cork_dllist white_list_rules;
++
++static int acl_mode = BLACK_LIST;
++
++static struct cache *block_list;
++
++static struct ip_set outbound_block_list_ipv4;
++static struct ip_set outbound_block_list_ipv6;
++static struct cork_dllist outbound_block_list_rules;
++
++#ifdef __linux__
++
++#include <unistd.h>
++#include <stdio.h>
++
++#define NO_FIREWALL_MODE 0
++#define IPTABLES_MODE    1
++#define FIREWALLD_MODE   2
++
++static FILE *shell_stdin;
++static int mode = NO_FIREWALL_MODE;
++
++static char chain_name[64];
++static char *iptables_init_chain =
++    "iptables -N %s; iptables -F %s; iptables -A OUTPUT -p tcp --tcp-flags RST RST -j %s";
++static char *iptables_remove_chain =
++    "iptables -D OUTPUT -p tcp --tcp-flags RST RST -j %s; iptables -F %s; iptables -X %s";
++static char *iptables_add_rule    = "iptables -A %s -d %s -j DROP";
++static char *iptables_remove_rule = "iptables -D %s -d %s -j DROP";
++
++static char *ip6tables_init_chain =
++    "ip6tables -N %s; ip6tables -F %s; ip6tables -A OUTPUT -p tcp --tcp-flags RST RST -j %s";
++static char *ip6tables_remove_chain =
++    "ip6tables -D OUTPUT -p tcp --tcp-flags RST RST -j %s; ip6tables -F %s; ip6tables -X %s";
++static char *ip6tables_add_rule    = "ip6tables -A %s -d %s -j DROP";
++static char *ip6tables_remove_rule = "ip6tables -D %s -d %s -j DROP";
++
++static char *firewalld_init_chain =
++    "firewall-cmd --direct --add-chain ipv4 filter %s; \
++     firewall-cmd --direct --passthrough ipv4 -F %s; \
++     firewall-cmd --direct --passthrough ipv4 -A OUTPUT -p tcp --tcp-flags RST RST -j %s";
++static char *firewalld_remove_chain =
++    "firewall-cmd --direct --passthrough ipv4 -D OUTPUT -p tcp --tcp-flags RST RST -j %s; \
++     firewall-cmd --direct --passthrough ipv4 -F %s; \
++     firewall-cmd --direct --remove-chain ipv4 filter %s";
++static char *firewalld_add_rule    = "firewall-cmd --direct --passthrough ipv4 -A %s -d %s -j DROP";
++static char *firewalld_remove_rule = "firewall-cmd --direct --passthrough ipv4 -D %s -d %s -j DROP";
++
++static char *firewalld6_init_chain =
++    "firewall-cmd --direct --add-chain ipv6 filter %s; \
++     firewall-cmd --direct --passthrough ipv6 -F %s; \
++     firewall-cmd --direct --passthrough ipv6 -A OUTPUT -p tcp --tcp-flags RST RST -j %s";
++static char *firewalld6_remove_chain =
++    "firewall-cmd --direct --passthrough ipv6 -D OUTPUT -p tcp --tcp-flags RST RST -j %s; \
++     firewall-cmd --direct --passthrough ipv6 -F %s; \
++     firewall-cmd --direct --remove-chain ipv6 filter %s";
++static char *firewalld6_add_rule    = "firewall-cmd --direct --passthrough ipv6 -A %s -d %s -j DROP";
++static char *firewalld6_remove_rule = "firewall-cmd --direct --passthrough ipv6 -D %s -d %s -j DROP";
++
++static int
++run_cmd(const char *cmd)
++{
++    int ret = 0;
++    char cmdstring[256];
++
++    sprintf(cmdstring, "%s\n", cmd);
++    size_t len = strlen(cmdstring);
++
++    if (shell_stdin != NULL) {
++        ret = fwrite(cmdstring, 1, len, shell_stdin);
++        fflush(shell_stdin);
++    }
++
++    return ret == len;
++}
++
++static int
++init_firewall()
++{
++    int ret = 0;
++    char cli[256];
++    FILE *fp;
++
++    if (getuid() != 0)
++        return -1;
++
++    sprintf(cli, "firewall-cmd --version 2>&1");
++    fp = popen(cli, "r");
++
++    if (fp == NULL)
++        return -1;
++
++    if (pclose(fp) == 0) {
++        mode = FIREWALLD_MODE;
++    } else {
++        /* Check whether we have permission to operate iptables.
++	 * Note that checking `iptables --version` is insufficient:
++         * eg, running within a child user namespace.
++	 */
++        sprintf(cli, "iptables -L 2>&1");
++        fp = popen(cli, "r");
++        if (fp == NULL)
++            return -1;
++        if (pclose(fp) == 0)
++            mode = IPTABLES_MODE;
++    }
++
++    sprintf(chain_name, "SHADOWSOCKS_LIBEV_%d", getpid());
++
++    if (mode == FIREWALLD_MODE) {
++        sprintf(cli, firewalld6_init_chain, chain_name, chain_name, chain_name);
++        ret |= system(cli);
++        sprintf(cli, firewalld_init_chain, chain_name, chain_name, chain_name);
++        ret |= system(cli);
++    } else if (mode == IPTABLES_MODE) {
++        sprintf(cli, ip6tables_init_chain, chain_name, chain_name, chain_name);
++        ret |= system(cli);
++        sprintf(cli, iptables_init_chain, chain_name, chain_name, chain_name);
++        ret |= system(cli);
++    }
++
++    shell_stdin = popen("/bin/sh", "w");
++
++    return ret;
++}
++
++static int
++reset_firewall()
++{
++    int ret = 0;
++    char cli[256];
++
++    if (getuid() != 0)
++        return -1;
++
++    if (mode == IPTABLES_MODE) {
++        sprintf(cli, ip6tables_remove_chain, chain_name, chain_name, chain_name);
++        ret |= system(cli);
++        sprintf(cli, iptables_remove_chain, chain_name, chain_name, chain_name);
++        ret |= system(cli);
++    } else if (mode == FIREWALLD_MODE) {
++        sprintf(cli, firewalld6_remove_chain, chain_name, chain_name, chain_name);
++        ret |= system(cli);
++        sprintf(cli, firewalld_remove_chain, chain_name, chain_name, chain_name);
++        ret |= system(cli);
++    }
++
++    if (shell_stdin != NULL) {
++        run_cmd("exit 0");
++        pclose(shell_stdin);
++    }
++
++    return ret;
++}
++
++static int
++set_firewall_rule(char *addr, int add)
++{
++    char cli[256];
++    struct cork_ip ip;
++
++    if (getuid() != 0)
++        return -1;
++
++    if (cork_ip_init(&ip, addr))
++        return -1;
++
++    if (add) {
++        if (mode == IPTABLES_MODE)
++            sprintf(cli, ip.version == 4 ? iptables_add_rule : ip6tables_add_rule,
++                    chain_name, addr);
++        else if (mode == FIREWALLD_MODE)
++            sprintf(cli, ip.version == 4 ? firewalld_add_rule : firewalld6_add_rule,
++                    chain_name, addr);
++        return run_cmd(cli);
++    } else {
++        if (mode == IPTABLES_MODE)
++            sprintf(cli, ip.version == 4 ? iptables_remove_rule : ip6tables_remove_rule,
++                    chain_name, addr);
++        else if (mode == FIREWALLD_MODE)
++            sprintf(cli, ip.version == 4 ? firewalld_remove_rule : firewalld6_remove_rule,
++                    chain_name, addr);
++        return run_cmd(cli);
++    }
++
++    return 0;
++}
++
++static void
++free_firewall_rule(void *key, void *element)
++{
++    if (key == NULL)
++        return;
++    char *addr = (char *)key;
++    set_firewall_rule(addr, 0);
++    ss_free(element);
++}
++
++#endif
++
++void
++init_block_list(int firewall)
++{
++    // Initialize cache
++#ifdef __linux__
++    if (firewall)
++        init_firewall();
++    else
++        mode = NO_FIREWALL_MODE;
++    cache_create(&block_list, 256, free_firewall_rule);
++#else
++    cache_create(&block_list, 256, NULL);
++#endif
++}
++
++void
++free_block_list()
++{
++#ifdef __linux__
++    if (mode != NO_FIREWALL_MODE)
++        reset_firewall();
++#endif
++    cache_clear(block_list, 0); // Remove all items
++}
++
++int
++remove_from_block_list(char *addr)
++{
++    size_t addr_len = strlen(addr);
++    return cache_remove(block_list, addr, addr_len);
++}
++
++void
++clear_block_list()
++{
++    cache_clear(block_list, 3600); // Clear items older than 1 hour
++}
++
++int
++check_block_list(char *addr)
++{
++    size_t addr_len = strlen(addr);
++
++    if (cache_key_exist(block_list, addr, addr_len)) {
++        int *count = NULL;
++        cache_lookup(block_list, addr, addr_len, &count);
++
++        if (count != NULL && *count > MAX_TRIES)
++            return 1;
++    }
++
++    return 0;
++}
++
++int
++update_block_list(char *addr, int err_level)
++{
++    size_t addr_len = strlen(addr);
++
++    if (cache_key_exist(block_list, addr, addr_len)) {
++        int *count = NULL;
++        cache_lookup(block_list, addr, addr_len, &count);
++        if (count != NULL) {
++            if (*count > MAX_TRIES)
++                return 1;
++            (*count) += err_level;
++        }
++    } else if (err_level > 0) {
++        int *count = (int *)ss_malloc(sizeof(int));
++        *count = 1;
++        cache_insert(block_list, addr, addr_len, count);
++#ifdef __linux__
++        if (mode != NO_FIREWALL_MODE)
++            set_firewall_rule(addr, 1);
++#endif
++    }
++
++    return 0;
++}
++
++static void
++parse_addr_cidr(const char *str, char *host, int *cidr)
++{
++    int ret = -1, n = 0;
++    char *pch;
++
++    pch = strchr(str, '/');
++    while (pch != NULL) {
++        n++;
++        ret = pch - str;
++        pch = strchr(pch + 1, '/');
++    }
++    if (ret == -1) {
++        strcpy(host, str);
++        *cidr = -1;
++    } else {
++        memcpy(host, str, ret);
++        host[ret] = '\0';
++        *cidr     = atoi(str + ret + 1);
++    }
++}
++
++char *
++trimwhitespace(char *str)
++{
++    char *end;
++
++    // Trim leading space
++    while (isspace(*str))
++        str++;
++
++    if (*str == 0)   // All spaces?
++        return str;
++
++    // Trim trailing space
++    end = str + strlen(str) - 1;
++    while (end > str && isspace(*end))
++        end--;
++
++    // Write new null terminator
++    *(end + 1) = 0;
++
++    return str;
++}
++
++int
++init_acl(const char *path)
++{
++    // initialize ipset
++    ipset_init_library();
++
++    ipset_init(&white_list_ipv4);
++    ipset_init(&white_list_ipv6);
++    ipset_init(&black_list_ipv4);
++    ipset_init(&black_list_ipv6);
++    ipset_init(&outbound_block_list_ipv4);
++    ipset_init(&outbound_block_list_ipv6);
++
++    cork_dllist_init(&black_list_rules);
++    cork_dllist_init(&white_list_rules);
++    cork_dllist_init(&outbound_block_list_rules);
++
++    struct ip_set *list_ipv4  = &black_list_ipv4;
++    struct ip_set *list_ipv6  = &black_list_ipv6;
++    struct cork_dllist *rules = &black_list_rules;
++
++    FILE *f = fopen(path, "r");
++    if (f == NULL) {
++        LOGE("Invalid acl path.");
++        return -1;
++    }
++
++    char buf[257];
++    while (!feof(f))
++        if (fgets(buf, 256, f)) {
++            // Trim the newline
++            int len = strlen(buf);
++            if (len > 0 && buf[len - 1] == '\n') {
++                buf[len - 1] = '\0';
++            }
++
++            char *line = trimwhitespace(buf);
++
++            // Skip comments
++            if (line[0] == '#') {
++                continue;
++            }
++
++            if (strlen(line) == 0) {
++                continue;
++            }
++
++            if (strcmp(line, "[outbound_block_list]") == 0) {
++                list_ipv4 = &outbound_block_list_ipv4;
++                list_ipv6 = &outbound_block_list_ipv6;
++                rules     = &outbound_block_list_rules;
++                continue;
++            } else if (strcmp(line, "[black_list]") == 0
++                       || strcmp(line, "[bypass_list]") == 0) {
++                list_ipv4 = &black_list_ipv4;
++                list_ipv6 = &black_list_ipv6;
++                rules     = &black_list_rules;
++                continue;
++            } else if (strcmp(line, "[white_list]") == 0
++                       || strcmp(line, "[proxy_list]") == 0) {
++                list_ipv4 = &white_list_ipv4;
++                list_ipv6 = &white_list_ipv6;
++                rules     = &white_list_rules;
++                continue;
++            } else if (strcmp(line, "[reject_all]") == 0
++                       || strcmp(line, "[bypass_all]") == 0) {
++                acl_mode = WHITE_LIST;
++                continue;
++            } else if (strcmp(line, "[accept_all]") == 0
++                       || strcmp(line, "[proxy_all]") == 0) {
++                acl_mode = BLACK_LIST;
++                continue;
++            }
++
++            char host[257];
++            int cidr;
++            parse_addr_cidr(line, host, &cidr);
++
++            struct cork_ip addr;
++            int err = cork_ip_init(&addr, host);
++            if (!err) {
++                if (addr.version == 4) {
++                    if (cidr >= 0) {
++                        ipset_ipv4_add_network(list_ipv4, &(addr.ip.v4), cidr);
++                    } else {
++                        ipset_ipv4_add(list_ipv4, &(addr.ip.v4));
++                    }
++                } else if (addr.version == 6) {
++                    if (cidr >= 0) {
++                        ipset_ipv6_add_network(list_ipv6, &(addr.ip.v6), cidr);
++                    } else {
++                        ipset_ipv6_add(list_ipv6, &(addr.ip.v6));
++                    }
++                }
++            } else {
++                rule_t *rule = new_rule();
++                accept_rule_arg(rule, line);
++                init_rule(rule);
++                add_rule(rules, rule);
++            }
++        }
++
++    fclose(f);
++
++    return 0;
++}
++
++void
++free_rules(struct cork_dllist *rules)
++{
++    struct cork_dllist_item *iter;
++    while ((iter = cork_dllist_head(rules)) != NULL) {
++        rule_t *rule = cork_container_of(iter, rule_t, entries);
++        remove_rule(rule);
++    }
++}
++
++void
++free_acl(void)
++{
++    ipset_done(&black_list_ipv4);
++    ipset_done(&black_list_ipv6);
++    ipset_done(&white_list_ipv4);
++    ipset_done(&white_list_ipv6);
++
++    free_rules(&black_list_rules);
++    free_rules(&white_list_rules);
++}
++
++int
++get_acl_mode(void)
++{
++    return acl_mode;
++}
++
++/*
++ * Return 0,  if not match.
++ * Return 1,  if match black list.
++ * Return -1, if match white list.
++ */
++int
++acl_match_host(const char *host)
++{
++    struct cork_ip addr;
++    int ret = 0;
++    int err = cork_ip_init(&addr, host);
++
++    if (err) {
++        int host_len = strlen(host);
++        if (lookup_rule(&black_list_rules, host, host_len) != NULL)
++            ret = 1;
++        else if (lookup_rule(&white_list_rules, host, host_len) != NULL)
++            ret = -1;
++        return ret;
++    }
++
++    if (addr.version == 4) {
++        if (ipset_contains_ipv4(&black_list_ipv4, &(addr.ip.v4)))
++            ret = 1;
++        else if (ipset_contains_ipv4(&white_list_ipv4, &(addr.ip.v4)))
++            ret = -1;
++    } else if (addr.version == 6) {
++        if (ipset_contains_ipv6(&black_list_ipv6, &(addr.ip.v6)))
++            ret = 1;
++        else if (ipset_contains_ipv6(&white_list_ipv6, &(addr.ip.v6)))
++            ret = -1;
++    }
++
++    return ret;
++}
++
++int
++acl_add_ip(const char *ip)
++{
++    struct cork_ip addr;
++    int err = cork_ip_init(&addr, ip);
++    if (err) {
++        return -1;
++    }
++
++    if (addr.version == 4) {
++        ipset_ipv4_add(&black_list_ipv4, &(addr.ip.v4));
++    } else if (addr.version == 6) {
++        ipset_ipv6_add(&black_list_ipv6, &(addr.ip.v6));
++    }
++
++    return 0;
++}
++
++int
++acl_remove_ip(const char *ip)
++{
++    struct cork_ip addr;
++    int err = cork_ip_init(&addr, ip);
++    if (err) {
++        return -1;
++    }
++
++    if (addr.version == 4) {
++        ipset_ipv4_remove(&black_list_ipv4, &(addr.ip.v4));
++    } else if (addr.version == 6) {
++        ipset_ipv6_remove(&black_list_ipv6, &(addr.ip.v6));
++    }
++
++    return 0;
++}
++
++/*
++ * Return 0,  if not match.
++ * Return 1,  if match black list.
++ */
++int
++outbound_block_match_host(const char *host)
++{
++    struct cork_ip addr;
++    int ret = 0;
++    int err = cork_ip_init(&addr, host);
++
++    if (err) {
++        int host_len = strlen(host);
++        if (lookup_rule(&outbound_block_list_rules, host, host_len) != NULL)
++            ret = 1;
++        return ret;
++    }
++
++    if (addr.version == 4) {
++        if (ipset_contains_ipv4(&outbound_block_list_ipv4, &(addr.ip.v4)))
++            ret = 1;
++    } else if (addr.version == 6) {
++        if (ipset_contains_ipv6(&outbound_block_list_ipv6, &(addr.ip.v6)))
++            ret = 1;
++    }
++
++    return ret;
++}
+diff --git a/server/acl.h b/server/acl.h
+new file mode 100644
+index 0000000..d6f18b8
+--- /dev/null
++++ b/server/acl.h
+@@ -0,0 +1,53 @@
++/*
++ * acl.h - Define the ACL interface
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#ifndef _ACL_H
++#define _ACL_H
++
++#define BLACK_LIST 0
++#define WHITE_LIST 1
++
++#define MAX_TRIES  64
++#define MALICIOUS  8
++#define SUSPICIOUS 4
++#define BAD        2
++#define MALFORMED  1
++
++int init_acl(const char *path);
++void free_acl(void);
++void clear_block_list(void);
++
++int acl_match_host(const char *ip);
++int acl_add_ip(const char *ip);
++int acl_remove_ip(const char *ip);
++
++int get_acl_mode(void);
++
++void init_block_list(int firewall);
++void free_block_list();
++int check_block_list(char *addr);
++int update_block_list(char *addr, int err_level);
++int remove_from_block_list(char *addr);
++
++int outbound_block_match_host(const char *host);
++
++#endif // _ACL_H
+diff --git a/server/auth.c b/server/auth.c
+new file mode 100644
+index 0000000..a36257a
+--- /dev/null
++++ b/server/auth.c
+@@ -0,0 +1,993 @@
++
++#include "auth.h"
++
++static int auth_simple_pack_unit_size = 2000;
++typedef int (*hmac_with_key_func)(char *auth, char *msg, int msg_len, uint8_t *auth_key, int key_len);
++typedef int (*hash_func)(char *auth, char *msg, int msg_len);
++
++typedef struct auth_simple_global_data {
++    uint8_t local_client_id[8];
++    uint32_t connection_id;
++}auth_simple_global_data;
++
++typedef struct auth_simple_local_data {
++    int has_sent_header;
++    char * recv_buffer;
++    int recv_buffer_size;
++    uint32_t recv_id;
++    uint32_t pack_id;
++    char * salt;
++    uint8_t * user_key;
++    char uid[4];
++    int user_key_len;
++    hmac_with_key_func hmac;
++    hash_func hash;
++    int hash_len;
++}auth_simple_local_data;
++
++void auth_simple_local_data_init(auth_simple_local_data* local) {
++    local->has_sent_header = 0;
++    local->recv_buffer = (char*)malloc(16384);
++    local->recv_buffer_size = 0;
++    local->recv_id = 1;
++    local->pack_id = 1;
++    local->salt = "";
++    local->user_key = 0;
++    local->user_key_len = 0;
++    local->hmac = 0;
++    local->hash = 0;
++    local->hash_len = 0;
++    local->salt = "";
++}
++
++void * auth_simple_init_data() {
++    auth_simple_global_data *global = (auth_simple_global_data*)malloc(sizeof(auth_simple_global_data));
++    rand_bytes(global->local_client_id, 8);
++    rand_bytes((uint8_t*)&global->connection_id, 4);
++    global->connection_id &= 0xFFFFFF;
++    return global;
++}
++
++obfs * auth_simple_new_obfs() {
++    obfs * self = new_obfs();
++    self->l_data = malloc(sizeof(auth_simple_local_data));
++    auth_simple_local_data_init((auth_simple_local_data*)self->l_data);
++    return self;
++}
++
++obfs * auth_aes128_md5_new_obfs() {
++    obfs * self = new_obfs();
++    self->l_data = malloc(sizeof(auth_simple_local_data));
++    auth_simple_local_data_init((auth_simple_local_data*)self->l_data);
++    ((auth_simple_local_data*)self->l_data)->hmac = ss_md5_hmac_with_key;
++    ((auth_simple_local_data*)self->l_data)->hash = ss_md5_hash_func;
++    ((auth_simple_local_data*)self->l_data)->hash_len = 16;
++    ((auth_simple_local_data*)self->l_data)->salt = "auth_aes128_md5";
++    return self;
++}
++
++obfs * auth_aes128_sha1_new_obfs() {
++    obfs * self = new_obfs();
++    self->l_data = malloc(sizeof(auth_simple_local_data));
++    auth_simple_local_data_init((auth_simple_local_data*)self->l_data);
++    ((auth_simple_local_data*)self->l_data)->hmac = ss_sha1_hmac_with_key;
++    ((auth_simple_local_data*)self->l_data)->hash = ss_sha1_hash_func;
++    ((auth_simple_local_data*)self->l_data)->hash_len = 20;
++    ((auth_simple_local_data*)self->l_data)->salt = "auth_aes128_sha1";
++    return self;
++}
++
++void auth_simple_dispose(obfs *self) {
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    if (local->recv_buffer != NULL) {
++        free(local->recv_buffer);
++        local->recv_buffer = NULL;
++    }
++    if (local->user_key != NULL) {
++        free(local->user_key);
++        local->user_key = NULL;
++    }
++    free(local);
++    self->l_data = NULL;
++    dispose_obfs(self);
++}
++
++int auth_simple_pack_data(char *data, int datalength, char *outdata) {
++    unsigned char rand_len = (xorshift128plus() & 0xF) + 1;
++    int out_size = rand_len + datalength + 6;
++    outdata[0] = out_size >> 8;
++    outdata[1] = out_size;
++    outdata[2] = rand_len;
++    memmove(outdata + rand_len + 2, data, datalength);
++    fillcrc32((unsigned char *)outdata, out_size);
++    return out_size;
++}
++
++void memintcopy_lt(void *mem, uint32_t val) {
++    ((uint8_t *)mem)[0] = val;
++    ((uint8_t *)mem)[1] = val >> 8;
++    ((uint8_t *)mem)[2] = val >> 16;
++    ((uint8_t *)mem)[3] = val >> 24;
++}
++
++int auth_simple_pack_auth_data(auth_simple_global_data *global, char *data, int datalength, char *outdata) {
++    unsigned char rand_len = (xorshift128plus() & 0xF) + 1;
++    int out_size = rand_len + datalength + 6 + 12;
++    outdata[0] = out_size >> 8;
++    outdata[1] = out_size;
++    outdata[2] = rand_len;
++    ++global->connection_id;
++    if (global->connection_id > 0xFF000000) {
++        rand_bytes(global->local_client_id, 8);
++        rand_bytes((uint8_t*)&global->connection_id, 4);
++        global->connection_id &= 0xFFFFFF;
++    }
++    time_t t = time(NULL);
++    memintcopy_lt(outdata + rand_len + 2, t);
++    memmove(outdata + rand_len + 2 + 4, global->local_client_id, 4);
++    memintcopy_lt(outdata + rand_len + 2 + 8, global->connection_id);
++    memmove(outdata + rand_len + 2 + 12, data, datalength);
++    fillcrc32((unsigned char *)outdata, out_size);
++    return out_size;
++}
++
++int auth_simple_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    char * out_buffer = (char*)malloc(datalength * 2 + 64);
++    char * buffer = out_buffer;
++    char * data = plaindata;
++    int len = datalength;
++    int pack_len;
++    if (len > 0 && local->has_sent_header == 0) {
++        int head_size = get_head_size(plaindata, datalength, 30);
++        if (head_size > datalength)
++            head_size = datalength;
++        pack_len = auth_simple_pack_auth_data((auth_simple_global_data *)self->server.g_data, data, head_size, buffer);
++        buffer += pack_len;
++        data += head_size;
++        len -= head_size;
++        local->has_sent_header = 1;
++    }
++    while ( len > auth_simple_pack_unit_size ) {
++        pack_len = auth_simple_pack_data(data, auth_simple_pack_unit_size, buffer);
++        buffer += pack_len;
++        data += auth_simple_pack_unit_size;
++        len -= auth_simple_pack_unit_size;
++    }
++    if (len > 0) {
++        pack_len = auth_simple_pack_data(data, len, buffer);
++        buffer += pack_len;
++    }
++    len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
++
++int auth_simple_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    uint8_t * recv_buffer = (uint8_t *)local->recv_buffer;
++    if (local->recv_buffer_size + datalength > 16384)
++        return -1;
++    memmove(recv_buffer + local->recv_buffer_size, plaindata, datalength);
++    local->recv_buffer_size += datalength;
++
++    char * out_buffer = (char*)malloc(local->recv_buffer_size);
++    char * buffer = out_buffer;
++    while (local->recv_buffer_size > 2) {
++        int length = ((int)recv_buffer[0] << 8) | recv_buffer[1];
++        if (length >= 8192 || length < 7) {
++            free(out_buffer);
++            local->recv_buffer_size = 0;
++            return -1;
++        }
++        if (length > local->recv_buffer_size)
++            break;
++
++        int crc = crc32((unsigned char*)recv_buffer, length);
++        if (crc != -1) {
++            free(out_buffer);
++            local->recv_buffer_size = 0;
++            return -1;
++        }
++        int data_size = length - recv_buffer[2] - 6;
++        memmove(buffer, recv_buffer + 2 + recv_buffer[2], data_size);
++        buffer += data_size;
++        memmove(recv_buffer, recv_buffer + length, local->recv_buffer_size -= length);
++    }
++    int len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
++
++
++int auth_sha1_pack_data(char *data, int datalength, char *outdata) {
++    unsigned char rand_len = (xorshift128plus() & 0xF) + 1;
++    int out_size = rand_len + datalength + 6;
++    outdata[0] = out_size >> 8;
++    outdata[1] = out_size;
++    outdata[2] = rand_len;
++    memmove(outdata + rand_len + 2, data, datalength);
++    filladler32((unsigned char *)outdata, out_size);
++    return out_size;
++}
++
++int auth_sha1_pack_auth_data(auth_simple_global_data *global, server_info *server, char *data, int datalength, char *outdata) {
++    unsigned char rand_len = (xorshift128plus() & 0x7F) + 1;
++    int data_offset = rand_len + 4 + 2;
++    int out_size = data_offset + datalength + 12 + OBFS_HMAC_SHA1_LEN;
++    fillcrc32to((unsigned char *)server->key, server->key_len, (unsigned char *)outdata);
++    outdata[4] = out_size >> 8;
++    outdata[5] = out_size;
++    outdata[6] = rand_len;
++    ++global->connection_id;
++    if (global->connection_id > 0xFF000000) {
++        rand_bytes(global->local_client_id, 8);
++        rand_bytes((uint8_t*)&global->connection_id, 4);
++        global->connection_id &= 0xFFFFFF;
++    }
++    time_t t = time(NULL);
++    memintcopy_lt(outdata + data_offset, t);
++    memmove(outdata + data_offset + 4, global->local_client_id, 4);
++    memintcopy_lt(outdata + data_offset + 8, global->connection_id);
++    memmove(outdata + data_offset + 12, data, datalength);
++    char hash[ONETIMEAUTH_BYTES * 2];
++    ss_sha1_hmac(hash, outdata, out_size - OBFS_HMAC_SHA1_LEN, server->iv);
++    memcpy(outdata + out_size - OBFS_HMAC_SHA1_LEN, hash, OBFS_HMAC_SHA1_LEN);
++    return out_size;
++}
++
++int auth_sha1_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    char * out_buffer = (char*)malloc(datalength * 2 + 256);
++    char * buffer = out_buffer;
++    char * data = plaindata;
++    int len = datalength;
++    int pack_len;
++    if (len > 0 && local->has_sent_header == 0) {
++        int head_size = get_head_size(plaindata, datalength, 30);
++        if (head_size > datalength)
++            head_size = datalength;
++        pack_len = auth_sha1_pack_auth_data((auth_simple_global_data *)self->server.g_data, &self->server, data, head_size, buffer);
++        buffer += pack_len;
++        data += head_size;
++        len -= head_size;
++        local->has_sent_header = 1;
++    }
++    while ( len > auth_simple_pack_unit_size ) {
++        pack_len = auth_sha1_pack_data(data, auth_simple_pack_unit_size, buffer);
++        buffer += pack_len;
++        data += auth_simple_pack_unit_size;
++        len -= auth_simple_pack_unit_size;
++    }
++    if (len > 0) {
++        pack_len = auth_sha1_pack_data(data, len, buffer);
++        buffer += pack_len;
++    }
++    len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
++
++int auth_sha1_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    uint8_t * recv_buffer = (uint8_t *)local->recv_buffer;
++    if (local->recv_buffer_size + datalength > 16384)
++        return -1;
++    memmove(recv_buffer + local->recv_buffer_size, plaindata, datalength);
++    local->recv_buffer_size += datalength;
++
++    char * out_buffer = (char*)malloc(local->recv_buffer_size);
++    char * buffer = out_buffer;
++    while (local->recv_buffer_size > 2) {
++        int length = ((int)recv_buffer[0] << 8) | recv_buffer[1];
++        if (length >= 8192 || length < 7) {
++            free(out_buffer);
++            local->recv_buffer_size = 0;
++            return -1;
++        }
++        if (length > local->recv_buffer_size)
++            break;
++
++        if (checkadler32((unsigned char*)recv_buffer, length) == 0) {
++            free(out_buffer);
++            local->recv_buffer_size = 0;
++            return -1;
++        }
++        int pos = recv_buffer[2] + 2;
++        int data_size = length - pos - 4;
++        memmove(buffer, recv_buffer + pos, data_size);
++        buffer += data_size;
++        memmove(recv_buffer, recv_buffer + length, local->recv_buffer_size -= length);
++    }
++    int len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
++
++int auth_sha1_v2_pack_data(char *data, int datalength, char *outdata) {
++    unsigned int rand_len = (datalength > 1300 ? 0 : datalength > 400 ? (xorshift128plus() & 0x7F) : (xorshift128plus() & 0x3FF)) + 1;
++    int out_size = rand_len + datalength + 6;
++    outdata[0] = out_size >> 8;
++    outdata[1] = out_size;
++    if (rand_len < 128)
++    {
++        outdata[2] = rand_len;
++    }
++    else
++    {
++        outdata[2] = 0xFF;
++        outdata[3] = rand_len >> 8;
++        outdata[4] = rand_len;
++    }
++    memmove(outdata + rand_len + 2, data, datalength);
++    filladler32((unsigned char *)outdata, out_size);
++    return out_size;
++}
++
++int auth_sha1_v2_pack_auth_data(auth_simple_global_data *global, server_info *server, char *data, int datalength, char *outdata) {
++    unsigned int rand_len = (datalength > 1300 ? 0 : datalength > 400 ? (xorshift128plus() & 0x7F) : (xorshift128plus() & 0x3FF)) + 1;
++    int data_offset = rand_len + 4 + 2;
++    int out_size = data_offset + datalength + 12 + OBFS_HMAC_SHA1_LEN;
++    const char* salt = "auth_sha1_v2";
++    int salt_len = strlen(salt);
++    unsigned char *crc_salt = (unsigned char*)malloc(salt_len + server->key_len);
++    memcpy(crc_salt, salt, salt_len);
++    memcpy(crc_salt + salt_len, server->key, server->key_len);
++    fillcrc32to(crc_salt, salt_len + server->key_len, (unsigned char *)outdata);
++    free(crc_salt);
++    outdata[4] = out_size >> 8;
++    outdata[5] = out_size;
++    if (rand_len < 128)
++    {
++        outdata[6] = rand_len;
++    }
++    else
++    {
++        outdata[6] = 0xFF;
++        outdata[7] = rand_len >> 8;
++        outdata[8] = rand_len;
++    }
++    ++global->connection_id;
++    if (global->connection_id > 0xFF000000) {
++        rand_bytes(global->local_client_id, 8);
++        rand_bytes((uint8_t*)&global->connection_id, 4);
++        global->connection_id &= 0xFFFFFF;
++    }
++    memmove(outdata + data_offset, global->local_client_id, 8);
++    memintcopy_lt(outdata + data_offset + 8, global->connection_id);
++    memmove(outdata + data_offset + 12, data, datalength);
++    char hash[ONETIMEAUTH_BYTES * 2];
++    ss_sha1_hmac(hash, outdata, out_size - OBFS_HMAC_SHA1_LEN, server->iv);
++    memcpy(outdata + out_size - OBFS_HMAC_SHA1_LEN, hash, OBFS_HMAC_SHA1_LEN);
++    return out_size;
++}
++
++int auth_sha1_v2_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    char * out_buffer = (char*)malloc(datalength * 2 + 4096);
++    char * buffer = out_buffer;
++    char * data = plaindata;
++    int len = datalength;
++    int pack_len;
++    if (len > 0 && local->has_sent_header == 0) {
++        int head_size = get_head_size(plaindata, datalength, 30);
++        if (head_size > datalength)
++            head_size = datalength;
++        pack_len = auth_sha1_v2_pack_auth_data((auth_simple_global_data *)self->server.g_data, &self->server, data, head_size, buffer);
++        buffer += pack_len;
++        data += head_size;
++        len -= head_size;
++        local->has_sent_header = 1;
++    }
++    while ( len > auth_simple_pack_unit_size ) {
++        pack_len = auth_sha1_v2_pack_data(data, auth_simple_pack_unit_size, buffer);
++        buffer += pack_len;
++        data += auth_simple_pack_unit_size;
++        len -= auth_simple_pack_unit_size;
++    }
++    if (len > 0) {
++        pack_len = auth_sha1_v2_pack_data(data, len, buffer);
++        buffer += pack_len;
++    }
++    len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
++
++int auth_sha1_v2_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    uint8_t * recv_buffer = (uint8_t *)local->recv_buffer;
++    if (local->recv_buffer_size + datalength > 16384)
++        return -1;
++    memmove(recv_buffer + local->recv_buffer_size, plaindata, datalength);
++    local->recv_buffer_size += datalength;
++
++    char * out_buffer = (char*)malloc(local->recv_buffer_size);
++    char * buffer = out_buffer;
++    char error = 0;
++    while (local->recv_buffer_size > 2) {
++        int length = ((int)recv_buffer[0] << 8) | recv_buffer[1];
++        if (length >= 8192 || length < 7) {
++            local->recv_buffer_size = 0;
++            error = 1;
++            break;
++        }
++        if (length > local->recv_buffer_size)
++            break;
++
++        if (checkadler32((unsigned char*)recv_buffer, length) == 0) {
++            local->recv_buffer_size = 0;
++            error = 1;
++            break;
++        }
++        int pos = recv_buffer[2];
++        if (pos < 255)
++        {
++            pos += 2;
++        }
++        else
++        {
++            pos = ((recv_buffer[3] << 8) | recv_buffer[4]) + 2;
++        }
++        int data_size = length - pos - 4;
++        memmove(buffer, recv_buffer + pos, data_size);
++        buffer += data_size;
++        memmove(recv_buffer, recv_buffer + length, local->recv_buffer_size -= length);
++    }
++    int len;
++    if (error == 0) {
++        len = buffer - out_buffer;
++        if (*capacity < len) {
++            *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++            plaindata = *pplaindata;
++        }
++        memmove(plaindata, out_buffer, len);
++    } else {
++        len = -1;
++    }
++    free(out_buffer);
++    return len;
++}
++
++int auth_sha1_v4_pack_data(char *data, int datalength, char *outdata) {
++    unsigned int rand_len = (datalength > 1300 ? 0 : datalength > 400 ? (xorshift128plus() & 0x7F) : (xorshift128plus() & 0x3FF)) + 1;
++    int out_size = rand_len + datalength + 8;
++    outdata[0] = out_size >> 8;
++    outdata[1] = out_size;
++    uint32_t crc_val = crc32((unsigned char*)outdata, 2);
++    outdata[2] = crc_val;
++    outdata[3] = crc_val >> 8;
++    if (rand_len < 128)
++    {
++        outdata[4] = rand_len;
++    }
++    else
++    {
++        outdata[4] = 0xFF;
++        outdata[5] = rand_len >> 8;
++        outdata[6] = rand_len;
++    }
++    memmove(outdata + rand_len + 4, data, datalength);
++    filladler32((unsigned char *)outdata, out_size);
++    return out_size;
++}
++
++int auth_sha1_v4_pack_auth_data(auth_simple_global_data *global, server_info *server, char *data, int datalength, char *outdata) {
++    unsigned int rand_len = (datalength > 1300 ? 0 : datalength > 400 ? (xorshift128plus() & 0x7F) : (xorshift128plus() & 0x3FF)) + 1;
++    int data_offset = rand_len + 4 + 2;
++    int out_size = data_offset + datalength + 12 + OBFS_HMAC_SHA1_LEN;
++    const char* salt = "auth_sha1_v4";
++    int salt_len = strlen(salt);
++    unsigned char *crc_salt = (unsigned char*)malloc(salt_len + server->key_len + 2);
++    crc_salt[0] = outdata[0] = out_size >> 8;
++    crc_salt[1] = outdata[1] = out_size;
++
++    memcpy(crc_salt + 2, salt, salt_len);
++    memcpy(crc_salt + salt_len + 2, server->key, server->key_len);
++    fillcrc32to(crc_salt, salt_len + server->key_len + 2, (unsigned char *)outdata + 2);
++    free(crc_salt);
++    if (rand_len < 128)
++    {
++        outdata[6] = rand_len;
++    }
++    else
++    {
++        outdata[6] = 0xFF;
++        outdata[7] = rand_len >> 8;
++        outdata[8] = rand_len;
++    }
++    ++global->connection_id;
++    if (global->connection_id > 0xFF000000) {
++        rand_bytes(global->local_client_id, 8);
++        rand_bytes((uint8_t*)&global->connection_id, 4);
++        global->connection_id &= 0xFFFFFF;
++    }
++    time_t t = time(NULL);
++    memintcopy_lt(outdata + data_offset, t);
++    memmove(outdata + data_offset + 4, global->local_client_id, 4);
++    memintcopy_lt(outdata + data_offset + 8, global->connection_id);
++    memmove(outdata + data_offset + 12, data, datalength);
++    char hash[ONETIMEAUTH_BYTES * 2];
++    ss_sha1_hmac(hash, outdata, out_size - OBFS_HMAC_SHA1_LEN, server->iv);
++    memcpy(outdata + out_size - OBFS_HMAC_SHA1_LEN, hash, OBFS_HMAC_SHA1_LEN);
++    return out_size;
++}
++
++int auth_sha1_v4_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    char * out_buffer = (char*)malloc(datalength * 2 + 4096);
++    char * buffer = out_buffer;
++    char * data = plaindata;
++    int len = datalength;
++    int pack_len;
++    if (len > 0 && local->has_sent_header == 0) {
++        int head_size = get_head_size(plaindata, datalength, 30);
++        if (head_size > datalength)
++            head_size = datalength;
++        pack_len = auth_sha1_v4_pack_auth_data((auth_simple_global_data *)self->server.g_data, &self->server, data, head_size, buffer);
++        buffer += pack_len;
++        data += head_size;
++        len -= head_size;
++        local->has_sent_header = 1;
++    }
++    while ( len > auth_simple_pack_unit_size ) {
++        pack_len = auth_sha1_v4_pack_data(data, auth_simple_pack_unit_size, buffer);
++        buffer += pack_len;
++        data += auth_simple_pack_unit_size;
++        len -= auth_simple_pack_unit_size;
++    }
++    if (len > 0) {
++        pack_len = auth_sha1_v4_pack_data(data, len, buffer);
++        buffer += pack_len;
++    }
++    len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
++
++int auth_sha1_v4_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    uint8_t * recv_buffer = (uint8_t *)local->recv_buffer;
++    if (local->recv_buffer_size + datalength > 16384)
++        return -1;
++    memmove(recv_buffer + local->recv_buffer_size, plaindata, datalength);
++    local->recv_buffer_size += datalength;
++
++    char * out_buffer = (char*)malloc(local->recv_buffer_size);
++    char * buffer = out_buffer;
++    char error = 0;
++    while (local->recv_buffer_size > 4) {
++        uint32_t crc_val = crc32((unsigned char*)recv_buffer, 2);
++        if ((((uint32_t)recv_buffer[3] << 8) | recv_buffer[2]) != (crc_val & 0xffff)) {
++            local->recv_buffer_size = 0;
++            error = 1;
++            break;
++        }
++        int length = ((int)recv_buffer[0] << 8) | recv_buffer[1];
++        if (length >= 8192 || length < 7) {
++            local->recv_buffer_size = 0;
++            error = 1;
++            break;
++        }
++        if (length > local->recv_buffer_size)
++            break;
++
++        if (checkadler32((unsigned char*)recv_buffer, length) == 0) {
++            local->recv_buffer_size = 0;
++            error = 1;
++            break;
++        }
++        int pos = recv_buffer[4];
++        if (pos < 255)
++        {
++            pos += 4;
++        }
++        else
++        {
++            pos = (((int)recv_buffer[5] << 8) | recv_buffer[6]) + 4;
++        }
++        int data_size = length - pos - 4;
++        memmove(buffer, recv_buffer + pos, data_size);
++        buffer += data_size;
++        memmove(recv_buffer, recv_buffer + length, local->recv_buffer_size -= length);
++    }
++    int len;
++    if (error == 0) {
++        len = buffer - out_buffer;
++        if (*capacity < len) {
++            *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++            plaindata = *pplaindata;
++        }
++        memmove(plaindata, out_buffer, len);
++    } else {
++        len = -1;
++    }
++    free(out_buffer);
++    return len;
++}
++
++
++int auth_aes128_sha1_pack_data(char *data, int datalength, char *outdata, auth_simple_local_data *local, server_info *server) {
++    unsigned int rand_len = (datalength > 1200 ? 0 : local->pack_id > 4 ? (xorshift128plus() & 0x20) : datalength > 900 ? (xorshift128plus() & 0x80) : (xorshift128plus() & 0x200)) + 1;
++    int out_size = rand_len + datalength + 8;
++    memcpy(outdata + rand_len + 4, data, datalength);
++    outdata[0] = out_size;
++    outdata[1] = out_size >> 8;
++    uint8_t key_len = local->user_key_len + 4;
++    uint8_t *key = (uint8_t*)malloc(key_len);
++    memcpy(key, local->user_key, local->user_key_len);
++    memintcopy_lt(key + key_len - 4, local->pack_id);
++
++    {
++        uint8_t rnd_data[rand_len];
++        rand_bytes(rnd_data, rand_len);
++        memcpy(outdata + 4, rnd_data, rand_len);
++    }
++
++    {
++        char hash[20];
++        local->hmac(hash, outdata, 2, key, key_len);
++        memcpy(outdata + 2, hash, 2);
++    }
++
++    if (rand_len < 128)
++    {
++        outdata[4] = rand_len;
++    }
++    else
++    {
++        outdata[4] = 0xFF;
++        outdata[5] = rand_len;
++        outdata[6] = rand_len >> 8;
++    }
++    ++local->pack_id;
++
++    {
++        char hash[20];
++        local->hmac(hash, outdata, out_size - 4, key, key_len);
++        memcpy(outdata + out_size - 4, hash, 4);
++    }
++    free(key);
++
++    return out_size;
++}
++
++int auth_aes128_sha1_pack_auth_data(auth_simple_global_data *global, server_info *server, auth_simple_local_data *local, char *data, int datalength, char *outdata) {
++    unsigned int rand_len = (datalength > 400 ? (xorshift128plus() & 0x200) : (xorshift128plus() & 0x400));
++    int data_offset = rand_len + 16 + 4 + 4 + 7;
++    int out_size = data_offset + datalength + 4;
++
++    char encrypt[24];
++    char encrypt_data[16];
++
++    uint8_t *key = (uint8_t*)malloc(server->iv_len + server->key_len);
++    uint8_t key_len = server->iv_len + server->key_len;
++    memcpy(key, server->iv, server->iv_len);
++    memcpy(key + server->iv_len, server->key, server->key_len);
++
++    {
++        uint8_t rnd_data[rand_len];
++        rand_bytes(rnd_data, rand_len);
++        memcpy(outdata + data_offset - rand_len, rnd_data, rand_len);
++    }
++
++    ++global->connection_id;
++    if (global->connection_id > 0xFF000000) {
++        rand_bytes(global->local_client_id, 8);
++        rand_bytes((uint8_t*)&global->connection_id, 4);
++        global->connection_id &= 0xFFFFFF;
++    }
++    time_t t = time(NULL);
++    memintcopy_lt(encrypt, t);
++    memcpy(encrypt + 4, global->local_client_id, 4);
++    memintcopy_lt(encrypt + 8, global->connection_id);
++    encrypt[12] = out_size;
++    encrypt[13] = out_size >> 8;
++    encrypt[14] = rand_len;
++    encrypt[15] = rand_len >> 8;
++
++    {
++
++        if (local->user_key == NULL) {
++            if(server->param != NULL && server->param[0] != 0) {
++                char *param = server->param;
++                char *delim = strchr(param, ':');
++                if(delim != NULL) {
++                    char uid_str[16] = {};
++                    strncpy(uid_str, param, delim - param);
++                    char key_str[128];
++                    strcpy(key_str, delim + 1);
++                    long uid_long = strtol(uid_str, NULL, 10);
++                    memintcopy_lt(local->uid, uid_long);
++
++                    char hash[21] = {0};
++                    local->hash(hash, key_str, strlen(key_str));
++
++                    local->user_key_len = local->hash_len;
++                    local->user_key = (uint8_t*)malloc(local->user_key_len);
++                    memcpy(local->user_key, hash, local->hash_len);
++                }
++            }
++            if (local->user_key == NULL) {
++                rand_bytes((uint8_t *)local->uid, 4);
++
++                local->user_key_len = server->key_len;
++                local->user_key = (uint8_t*)malloc(local->user_key_len);
++                memcpy(local->user_key, server->key, local->user_key_len);
++            }
++        }
++
++        char encrypt_key_base64[256] = {0};
++        unsigned char encrypt_key[local->user_key_len];
++        memcpy(encrypt_key, local->user_key, local->user_key_len);
++        base64_encode(encrypt_key, local->user_key_len, encrypt_key_base64);
++
++        int base64_len;
++        base64_len = (local->user_key_len + 2) / 3 * 4;
++        memcpy(encrypt_key_base64 + base64_len, local->salt, strlen(local->salt));
++
++        char enc_key[16];
++        int enc_key_len = base64_len + strlen(local->salt);
++        bytes_to_key_with_size(encrypt_key_base64, enc_key_len, (uint8_t*)enc_key, 16);
++        ss_aes_128_cbc(encrypt, encrypt_data, enc_key);
++        memcpy(encrypt + 4, encrypt_data, 16);
++        memcpy(encrypt, local->uid, 4);
++    }
++
++    {
++        char hash[20];
++        local->hmac(hash, encrypt, 20, key, key_len);
++        memcpy(encrypt + 20, hash, 4);
++    }
++
++    {
++        uint8_t rnd[1];
++        rand_bytes(rnd, 1);
++        memcpy(outdata, rnd, 1);
++        char hash[20];
++        local->hmac(hash, (char *)rnd, 1, key, key_len);
++        memcpy(outdata + 1, hash, 6);
++    }
++
++    memcpy(outdata + 7, encrypt, 24);
++    memcpy(outdata + data_offset, data, datalength);
++
++    {
++        char hash[20];
++        local->hmac(hash, outdata, out_size - 4, local->user_key, local->user_key_len);
++        memmove(outdata + out_size - 4, hash, 4);
++    }
++    free(key);
++
++    return out_size;
++}
++
++int auth_aes128_sha1_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    char * out_buffer = (char*)malloc(datalength * 2 + 4096);
++    char * buffer = out_buffer;
++    char * data = plaindata;
++    int len = datalength;
++    int pack_len;
++    if (len > 0 && local->has_sent_header == 0) {
++        int head_size = 1200;
++        if (head_size > datalength)
++            head_size = datalength;
++        pack_len = auth_aes128_sha1_pack_auth_data((auth_simple_global_data *)self->server.g_data, &self->server, local, data, head_size, buffer);
++        buffer += pack_len;
++        data += head_size;
++        len -= head_size;
++        local->has_sent_header = 1;
++    }
++    while ( len > auth_simple_pack_unit_size ) {
++        pack_len = auth_aes128_sha1_pack_data(data, auth_simple_pack_unit_size, buffer, local, &self->server);
++        buffer += pack_len;
++        data += auth_simple_pack_unit_size;
++        len -= auth_simple_pack_unit_size;
++    }
++    if (len > 0) {
++        pack_len = auth_aes128_sha1_pack_data(data, len, buffer, local, &self->server);
++        buffer += pack_len;
++    }
++    len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
++
++int auth_aes128_sha1_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    //server_info *server = (server_info*)&self->server;
++    uint8_t * recv_buffer = (uint8_t *)local->recv_buffer;
++    if (local->recv_buffer_size + datalength > 16384)
++        return -1;
++    memmove(recv_buffer + local->recv_buffer_size, plaindata, datalength);
++    local->recv_buffer_size += datalength;
++
++    int key_len = local->user_key_len + 4;
++    uint8_t *key = (uint8_t*)malloc(key_len);
++    memcpy(key, local->user_key, local->user_key_len);
++
++    char * out_buffer = (char*)malloc(local->recv_buffer_size);
++    char * buffer = out_buffer;
++    char error = 0;
++    while (local->recv_buffer_size > 4) {
++        memintcopy_lt(key + key_len - 4, local->recv_id);
++
++        {
++            char hash[20];
++            local->hmac(hash, (char*)recv_buffer, 2, key, key_len);
++
++            if (memcmp(hash, recv_buffer + 2, 2)) {
++                local->recv_buffer_size = 0;
++                error = 1;
++                break;
++            }
++        }
++
++        int length = ((int)recv_buffer[1] << 8) + recv_buffer[0];
++        if (length >= 8192 || length < 8) {
++            local->recv_buffer_size = 0;
++            error = 1;
++            break;
++        }
++        if (length > local->recv_buffer_size)
++            break;
++
++        {
++            char hash[20];
++            local->hmac(hash, (char *)recv_buffer, length - 4, key, key_len);
++            if (memcmp(hash, recv_buffer + length - 4, 4))
++            {
++                local->recv_buffer_size = 0;
++                error = 1;
++                break;
++            }
++        }
++
++        ++local->recv_id;
++        int pos = recv_buffer[4];
++        if (pos < 255)
++        {
++            pos += 4;
++        }
++        else
++        {
++            pos = (((int)recv_buffer[6] << 8) | recv_buffer[5]) + 4;
++        }
++        int data_size = length - pos - 4;
++        memmove(buffer, recv_buffer + pos, data_size);
++        buffer += data_size;
++        memmove(recv_buffer, recv_buffer + length, local->recv_buffer_size -= length);
++    }
++    int len;
++    if (error == 0) {
++        len = buffer - out_buffer;
++        if (*capacity < len) {
++            *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++            plaindata = *pplaindata;
++        }
++        memmove(plaindata, out_buffer, len);
++    } else {
++        len = -1;
++    }
++    free(out_buffer);
++    free(key);
++    return len;
++}
++
++int auth_aes128_sha1_client_udp_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++    char * out_buffer = (char*)malloc(datalength + 8);
++
++    if (local->user_key == NULL) {
++        if(self->server.param != NULL && self->server.param[0] != 0) {
++            char *param = self->server.param;
++            char *delim = strchr(param, ':');
++            if(delim != NULL) {
++                char uid_str[16] = {};
++                strncpy(uid_str, param, delim - param);
++                char key_str[128];
++                strcpy(key_str, delim + 1);
++                long uid_long = strtol(uid_str, NULL, 10);
++                memintcopy_lt(local->uid, uid_long);
++
++                char hash[21] = {0};
++                local->hash(hash, key_str, strlen(key_str));
++
++                local->user_key_len = local->hash_len;
++                local->user_key = (uint8_t*)malloc(local->user_key_len);
++                memcpy(local->user_key, hash, local->hash_len);
++            }
++        }
++        if (local->user_key == NULL) {
++            rand_bytes((uint8_t *)local->uid, 4);
++
++            local->user_key_len = self->server.key_len;
++            local->user_key = (uint8_t*)malloc(local->user_key_len);
++            memcpy(local->user_key, self->server.key, local->user_key_len);
++        }
++    }
++
++    int outlength = datalength + 8;
++    memmove(out_buffer, plaindata, datalength);
++    memmove(out_buffer + datalength, local->uid, 4);
++
++    {
++        char hash[20];
++        local->hmac(hash, out_buffer, outlength - 4, local->user_key, local->user_key_len);
++        memmove(out_buffer + outlength - 4, hash, 4);
++    }
++
++    if (*capacity < outlength) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = outlength * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, outlength);
++
++    free(out_buffer);
++    return outlength;
++}
++
++int auth_aes128_sha1_client_udp_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity) {
++    if (datalength <= 4)
++        return 0;
++
++    char *plaindata = *pplaindata;
++    auth_simple_local_data *local = (auth_simple_local_data*)self->l_data;
++
++    char hash[20];
++    local->hmac(hash, plaindata, datalength - 4, self->server.key, self->server.key_len);
++
++    if (memcmp(hash, plaindata + datalength - 4, 4))
++    {
++        return 0;
++    }
++
++    return datalength - 4;
++}
+diff --git a/server/auth.h b/server/auth.h
+new file mode 100644
+index 0000000..f7730df
+--- /dev/null
++++ b/server/auth.h
+@@ -0,0 +1,30 @@
++/*
++ * auth.h - Define shadowsocksR server's buffers and callbacks
++ *
++ * Copyright (C) 2015 - 2016, Break Wa11 <mmgac001@gmail.com>
++ */
++
++#ifndef _AUTH_H
++#define _AUTH_H
++
++void * auth_simple_init_data();
++obfs * auth_simple_new_obfs();
++void auth_simple_dispose(obfs *self);
++
++int auth_simple_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++int auth_simple_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++
++
++int auth_sha1_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++int auth_sha1_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++
++int auth_sha1_v2_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++int auth_sha1_v2_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++
++int auth_sha1_v4_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++int auth_sha1_v4_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++
++int auth_aes128_sha1_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++int auth_aes128_sha1_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++
++#endif // _AUTH_H
+diff --git a/server/base64.c b/server/base64.c
+new file mode 100644
+index 0000000..7cf9552
+--- /dev/null
++++ b/server/base64.c
+@@ -0,0 +1,119 @@
++#include "base64.h"
++
++/* BASE 64 encode table */
++static const char base64en[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
++
++#define BASE64_PAD  '='
++
++#define BASE64DE_FIRST  '+'
++#define BASE64DE_LAST   'z'
++
++/* ASCII order for BASE 64 decode, -1 in unused character */
++static const signed char base64de[] = {
++        -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
++        -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
++        -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
++        -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
++        -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
++    /*                '+', ',', '-', '.', '/', */
++        -1,  -1,  -1,  62,  -1,  -1,  -1,  63,
++    /* '0', '1', '2', '3', '4', '5', '6', '7', */
++        52,  53,  54,  55,  56,  57,  58,  59,
++    /* '8', '9', ':', ';', '<', '=', '>', '?', */
++        60,  61,  -1,  -1,  -1,  -1,  -1,  -1,
++    /* '@', 'A', 'B', 'C', 'D', 'E', 'F', 'G', */
++        -1,   0,   1,   2,   3,   4,   5,   6,
++    /* 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', */
++         7,   8,   9,  10,  11,  12,  13,  14,
++    /* 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', */
++        15,  16,  17,  18,  19,  20,  21,  22,
++    /* 'X', 'Y', 'Z', '[', '\', ']', '^', '_', */
++        23,  24,  25,  -1,  -1,  -1,  -1,  -1,
++    /* '`', 'a', 'b', 'c', 'd', 'e', 'f', 'g', */
++        -1,  26,  27,  28,  29,  30,  31,  32,
++    /* 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', */
++        33,  34,  35,  36,  37,  38,  39,  40,
++    /* 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', */
++        41,  42,  43,  44,  45,  46,  47,  48,
++    /* 'x', 'y', 'z', */
++        49,  50,  51,
++};
++
++int
++base64_encode(const unsigned char *in, unsigned int inlen, char *out)
++{
++    unsigned int i, j;
++
++    for (i = j = 0; i < inlen; i++) {
++        int s = i % 3;          /* from 6/gcd(6, 8) */
++
++        switch (s) {
++        case 0:
++            out[j++] = base64en[(in[i] >> 2) & 0x3F];
++            continue;
++        case 1:
++            out[j++] = base64en[((in[i-1] & 0x3) << 4) + ((in[i] >> 4) & 0xF)];
++            continue;
++        case 2:
++            out[j++] = base64en[((in[i-1] & 0xF) << 2) + ((in[i] >> 6) & 0x3)];
++            out[j++] = base64en[in[i] & 0x3F];
++        }
++    }
++
++    /* move back */
++    i -= 1;
++
++    /* check the last and add padding */
++    if ((i % 3) == 0) {
++        out[j++] = base64en[(in[i] & 0x3) << 4];
++        out[j++] = BASE64_PAD;
++        out[j++] = BASE64_PAD;
++    } else if ((i % 3) == 1) {
++        out[j++] = base64en[(in[i] & 0xF) << 2];
++        out[j++] = BASE64_PAD;
++    }
++
++    return BASE64_OK;
++}
++
++int
++base64_decode(const char *in, unsigned int inlen, unsigned char *out)
++{
++    unsigned int i, j;
++
++    for (i = j = 0; i < inlen; i++) {
++        int c;
++        int s = i % 4;          /* from 8/gcd(6, 8) */
++
++        if (in[i] == '=')
++            return BASE64_OK;
++
++        if (in[i] < BASE64DE_FIRST || in[i] > BASE64DE_LAST ||
++            (c = base64de[(int)in[i]]) == -1)
++            return BASE64_INVALID;
++
++        switch (s) {
++        case 0:
++            out[j] = ((unsigned int)c << 2) & 0xFF;
++            continue;
++        case 1:
++            out[j++] += ((unsigned int)c >> 4) & 0x3;
++
++            /* if not last char with padding */
++            if (i < (inlen - 3) || in[inlen - 2] != '=')
++                out[j] = ((unsigned int)c & 0xF) << 4; 
++            continue;
++        case 2:
++            out[j++] += ((unsigned int)c >> 2) & 0xF;
++
++            /* if not last char with padding */
++            if (i < (inlen - 2) || in[inlen - 1] != '=')
++                out[j] =  ((unsigned int)c & 0x3) << 6;
++            continue;
++        case 3:
++            out[j++] += (unsigned char)c;
++        }
++    }
++
++    return BASE64_OK;
++}
+diff --git a/server/base64.h b/server/base64.h
+new file mode 100644
+index 0000000..6432ba3
+--- /dev/null
++++ b/server/base64.h
+@@ -0,0 +1,16 @@
++#ifndef __BASE64_H__
++#define __BASE64_H__
++
++enum {BASE64_OK = 0, BASE64_INVALID};
++
++#define BASE64_ENCODE_OUT_SIZE(s)	(((s) + 2) / 3 * 4)
++#define BASE64_DECODE_OUT_SIZE(s)	(((s)) / 4 * 3)
++
++int
++base64_encode(const unsigned char *in, unsigned int inlen, char *out);
++
++int
++base64_decode(const char *in, unsigned int inlen, unsigned char *out);
++
++
++#endif /* __BASE64_H__ */
+diff --git a/server/cache.c b/server/cache.c
+new file mode 100644
+index 0000000..c1a2995
+--- /dev/null
++++ b/server/cache.c
+@@ -0,0 +1,308 @@
++/*
++ * cache.c - Manage the connection cache for UDPRELAY
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++/*
++ * Original Author:  Oliver Lorenz (ol), olli@olorenz.org, https://olorenz.org
++ * License:  This is licensed under the same terms as uthash itself
++ */
++
++#include <errno.h>
++#include <stdlib.h>
++
++#include "cache.h"
++#include "utils.h"
++
++#ifdef __MINGW32__
++#include "win32.h"
++#endif
++
++/** Creates a new cache object
++ *
++ *  @param dst
++ *  Where the newly allocated cache object will be stored in
++ *
++ *  @param capacity
++ *  The maximum number of elements this cache object can hold
++ *
++ *  @return EINVAL if dst is NULL, ENOMEM if malloc fails, 0 otherwise
++ */
++int
++cache_create(struct cache **dst, const size_t capacity,
++             void (*free_cb)(void *key, void *element))
++{
++    struct cache *new = NULL;
++
++    if (!dst) {
++        return EINVAL;
++    }
++
++    if ((new = malloc(sizeof(*new))) == NULL) {
++        return ENOMEM;
++    }
++
++    new->max_entries = capacity;
++    new->entries     = NULL;
++    new->free_cb     = free_cb;
++    *dst             = new;
++    return 0;
++}
++
++/** Frees an allocated cache object
++ *
++ *  @param cache
++ *  The cache object to free
++ *
++ *  @param keep_data
++ *  Whether to free contained data or just delete references to it
++ *
++ *  @return EINVAL if cache is NULL, 0 otherwise
++ */
++int
++cache_delete(struct cache *cache, int keep_data)
++{
++    struct cache_entry *entry, *tmp;
++
++    if (!cache) {
++        return EINVAL;
++    }
++
++    if (keep_data) {
++        HASH_CLEAR(hh, cache->entries);
++    } else {
++        HASH_ITER(hh, cache->entries, entry, tmp){
++            HASH_DEL(cache->entries, entry);
++            if (entry->data != NULL) {
++                if (cache->free_cb) {
++                    cache->free_cb(entry->key, entry->data);
++                } else {
++                    ss_free(entry->data);
++                }
++            }
++            ss_free(entry->key);
++            ss_free(entry);
++        }
++    }
++
++    ss_free(cache);
++    return 0;
++}
++
++/** Clear old cache object
++ *
++ *  @param cache
++ *  The cache object to clear
++ *
++ *  @param age
++ *  Clear only objects older than the age (sec)
++ *
++ *  @return EINVAL if cache is NULL, 0 otherwise
++ */
++int
++cache_clear(struct cache *cache, ev_tstamp age)
++{
++    struct cache_entry *entry, *tmp;
++
++    if (!cache) {
++        return EINVAL;
++    }
++
++    ev_tstamp now = ev_time();
++
++    HASH_ITER(hh, cache->entries, entry, tmp){
++        if (now - entry->ts > age) {
++            HASH_DEL(cache->entries, entry);
++            if (entry->data != NULL) {
++                if (cache->free_cb) {
++                    cache->free_cb(entry->key, entry->data);
++                } else {
++                    ss_free(entry->data);
++                }
++            }
++            ss_free(entry->key);
++            ss_free(entry);
++        }
++    }
++
++    return 0;
++}
++
++/** Removes a cache entry
++ *
++ *  @param cache
++ *  The cache object
++ *
++ *  @param key
++ *  The key of the entry to remove
++ *
++ *  @param key_len
++ *  The length of key
++ *
++ *  @return EINVAL if cache is NULL, 0 otherwise
++ */
++int
++cache_remove(struct cache *cache, char *key, size_t key_len)
++{
++    struct cache_entry *tmp;
++
++    if (!cache || !key) {
++        return EINVAL;
++    }
++
++    HASH_FIND(hh, cache->entries, key, key_len, tmp);
++
++    if (tmp) {
++        HASH_DEL(cache->entries, tmp);
++        if (tmp->data != NULL) {
++            if (cache->free_cb) {
++                cache->free_cb(tmp->key, tmp->data);
++            } else {
++                ss_free(tmp->data);
++            }
++        }
++        ss_free(tmp->key);
++        ss_free(tmp);
++    }
++
++    return 0;
++}
++
++/** Checks if a given key is in the cache
++ *
++ *  @param cache
++ *  The cache object
++ *
++ *  @param key
++ *  The key to look-up
++ *
++ *  @param key_len
++ *  The length of key
++ *
++ *  @param result
++ *  Where to store the result if key is found.
++ *
++ *  A warning: Even though result is just a pointer,
++ *  you have to call this function with a **ptr,
++ *  otherwise this will blow up in your face.
++ *
++ *  @return EINVAL if cache is NULL, 0 otherwise
++ */
++int
++cache_lookup(struct cache *cache, char *key, size_t key_len, void *result)
++{
++    struct cache_entry *tmp = NULL;
++    char **dirty_hack       = result;
++
++    if (!cache || !key || !result) {
++        return EINVAL;
++    }
++
++    HASH_FIND(hh, cache->entries, key, key_len, tmp);
++    if (tmp) {
++        HASH_DELETE(hh, cache->entries, tmp);
++        tmp->ts = ev_time();
++        HASH_ADD_KEYPTR(hh, cache->entries, tmp->key, key_len, tmp);
++        *dirty_hack = tmp->data;
++    } else {
++        *dirty_hack = result = NULL;
++    }
++
++    return 0;
++}
++
++int
++cache_key_exist(struct cache *cache, char *key, size_t key_len)
++{
++    struct cache_entry *tmp = NULL;
++
++    if (!cache || !key) {
++        return 0;
++    }
++
++    HASH_FIND(hh, cache->entries, key, key_len, tmp);
++    if (tmp) {
++        HASH_DELETE(hh, cache->entries, tmp);
++        tmp->ts = ev_time();
++        HASH_ADD_KEYPTR(hh, cache->entries, tmp->key, key_len, tmp);
++        return 1;
++    } else {
++        return 0;
++    }
++
++    return 0;
++}
++
++/** Inserts a given <key, value> pair into the cache
++ *
++ *  @param cache
++ *  The cache object
++ *
++ *  @param key
++ *  The key that identifies <value>
++ *
++ *  @param key_len
++ *  The length of key
++ *
++ *  @param data
++ *  Data associated with <key>
++ *
++ *  @return EINVAL if cache is NULL, ENOMEM if malloc fails, 0 otherwise
++ */
++int
++cache_insert(struct cache *cache, char *key, size_t key_len, void *data)
++{
++    struct cache_entry *entry     = NULL;
++    struct cache_entry *tmp_entry = NULL;
++
++    if (!cache) {
++        return EINVAL;
++    }
++
++    if ((entry = malloc(sizeof(*entry))) == NULL) {
++        return ENOMEM;
++    }
++
++    entry->key = ss_malloc(key_len + 1);
++    memcpy(entry->key, key, key_len);
++    entry->key[key_len] = 0;
++
++    entry->data = data;
++    entry->ts   = ev_time();
++    HASH_ADD_KEYPTR(hh, cache->entries, entry->key, key_len, entry);
++
++    if (HASH_COUNT(cache->entries) >= cache->max_entries) {
++        HASH_ITER(hh, cache->entries, entry, tmp_entry){
++            HASH_DELETE(hh, cache->entries, entry);
++            if (entry->data != NULL) {
++                if (cache->free_cb) {
++                    cache->free_cb(entry->key, entry->data);
++                } else {
++                    ss_free(entry->data);
++                }
++            }
++            ss_free(entry->key);
++            ss_free(entry);
++            break;
++        }
++    }
++
++    return 0;
++}
+diff --git a/server/cache.h b/server/cache.h
+new file mode 100644
+index 0000000..0ec98f5
+--- /dev/null
++++ b/server/cache.h
+@@ -0,0 +1,62 @@
++/*
++ * cache.h - Define the cache manager interface
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++/*
++ * Original Author:  Oliver Lorenz (ol), olli@olorenz.org, https://olorenz.org
++ * License:  This is licensed under the same terms as uthash itself
++ */
++
++#ifndef _CACHE_
++#define _CACHE_
++
++#include "uthash.h"
++#include "ev.h"
++
++/**
++ * A cache entry
++ */
++struct cache_entry {
++    char *key;         /**<The key */
++    void *data;        /**<Payload */
++    ev_tstamp ts;    /**<Timestamp */
++    UT_hash_handle hh; /**<Hash Handle for uthash */
++};
++
++/**
++ * A cache object
++ */
++struct cache {
++    size_t max_entries;              /**<Amount of entries this cache object can hold */
++    struct cache_entry *entries;     /**<Head pointer for uthash */
++    void (*free_cb) (void *key, void *element); /**<Callback function to free cache entries */
++};
++
++int cache_create(struct cache **dst, const size_t capacity,
++                        void (*free_cb)(void *key, void *element));
++int cache_delete(struct cache *cache, int keep_data);
++int cache_clear(struct cache *cache, ev_tstamp age);
++int cache_lookup(struct cache *cache, char *key, size_t key_len, void *result);
++int cache_insert(struct cache *cache, char *key, size_t key_len, void *data);
++int cache_remove(struct cache *cache, char *key, size_t key_len);
++int cache_key_exist(struct cache *cache, char *key, size_t key_len);
++
++#endif
+diff --git a/server/check.c b/server/check.c
+new file mode 100644
+index 0000000..ad035e0
+--- /dev/null
++++ b/server/check.c
+@@ -0,0 +1,236 @@
++#include <stdlib.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netdb.h>
++#include <netinet/in.h>
++#include <errno.h>
++#include <time.h>
++#include<arpa/inet.h>
++#include <setjmp.h>
++#include <signal.h>
++#include <string.h>
++
++//#define __DEBUG__  
++#ifdef __DEBUG__  
++#define DEBUG(format,...) printf("File: "__FILE__", Line: %05d: "format"/n", __LINE__, ##__VA_ARGS__)  
++#else  
++#define DEBUG(format,...)  
++#endif  
++
++static sigjmp_buf jmpbuf;
++static void alarm_func()
++{
++    siglongjmp(jmpbuf, 1);
++}
++
++static struct hostent *timeGethostbyname(const char *domain, int timeout)
++{
++    struct hostent *ipHostent = NULL;
++    signal(SIGALRM, alarm_func);
++    if(sigsetjmp(jmpbuf, 1) != 0)
++    {
++        alarm(0);//timout
++        signal(SIGALRM, SIG_IGN);
++        return NULL;
++    }
++    alarm(timeout);//setting alarm
++    ipHostent = gethostbyname(domain);
++    signal(SIGALRM, SIG_IGN);
++    return ipHostent;
++}
++
++
++#define MY_HTTP_DEFAULT_PORT 80
++#define BUFFER_SIZE 1024
++#define HTTP_POST "POST /%s HTTP/1.1\r\nHOST: %s:%d\r\nAccept: */*\r\n"\
++    "Content-Type:application/x-www-form-urlencoded\r\nContent-Length: %d\r\n\r\n%s"
++#define HTTP_GET "GET /%s HTTP/1.1\r\nHOST: %s:%d\r\nAccept: */*\r\n\r\n"
++
++static int http_parse_url(const char *url,char *host,char *file,int *port)
++{
++    char *ptr1,*ptr2;
++    int len = 0;
++    if(!url || !host || !file || !port){
++        return 1;
++    }
++
++    ptr1 = (char *)url;
++
++    if(!strncmp(ptr1,"http://",strlen("http://"))){
++        ptr1 += strlen("http://");
++    }else{
++        return 1;
++    }
++
++    ptr2 = strchr(ptr1,'/');
++    if(ptr2){
++        len = strlen(ptr1) - strlen(ptr2);
++        memcpy(host,ptr1,len);
++        host[len] = '\0';
++        if(*(ptr2 + 1)){
++            memcpy(file,ptr2 + 1,strlen(ptr2) - 1 );
++            file[strlen(ptr2) - 1] = '\0';
++        }
++    }else{
++        memcpy(host,ptr1,strlen(ptr1));
++        host[strlen(ptr1)] = '\0';
++    }
++    //get host and ip
++    ptr1 = strchr(host,':');
++    if(ptr1){
++        *ptr1++ = '\0';
++        *port = atoi(ptr1);
++    }else{
++        *port = MY_HTTP_DEFAULT_PORT;
++    }
++
++    return 0;
++}
++
++
++static int http_tcpclient_recv(int socket,char *lpbuff){
++    int recvnum = 0;
++
++    recvnum = recv(socket, lpbuff,BUFFER_SIZE*4,0);
++
++    return recvnum;
++}
++
++static int http_tcpclient_send(int socket,char *buff,int size){
++    int sent=0,tmpres=0;
++
++    while(sent < size){
++        tmpres = send(socket,buff+sent,size-sent,0);
++        if(tmpres == -1){
++            return 1;
++        }
++        sent += tmpres;
++    }
++    return sent;
++}
++
++
++
++
++
++int  http_get(const char *url,int socket_fd)
++{
++    char lpbuf[BUFFER_SIZE*4] = {'\0'};
++
++    char host_addr[BUFFER_SIZE] = {'\0'};
++    char file[BUFFER_SIZE] = {'\0'};
++    int port = 0;
++
++
++    if(!url){
++       DEBUG("      failed!\n");
++        return 1;
++    }
++
++    if(http_parse_url(url,host_addr,file,&port)){
++       DEBUG("http_parse_url failed!\n");
++        return 1;
++    }
++    DEBUG("url:  %s\thost_addr : %s\tfile:%s\t,%d\n",url,host_addr,file,port);
++
++
++    if(socket_fd < 0){
++       DEBUG("http_tcpclient_create failed\n");
++        return 1;
++    }
++
++    sprintf(lpbuf,HTTP_GET,file,host_addr,port);
++
++    if(http_tcpclient_send(socket_fd,lpbuf,strlen(lpbuf)) < 0){
++       DEBUG("http_tcpclient_send failed..\n");
++        return 1;
++    }
++	  DEBUG("request:\n%s\n",lpbuf);
++
++    if(http_tcpclient_recv(socket_fd,lpbuf) <= 0){
++       DEBUG("http_tcpclient_recv failed\n");
++        close(socket_fd);
++        return 1;
++    }
++    DEBUG("rec:\n%s\n",lpbuf);
++    close(socket_fd);
++
++    //return http_parse_result(lpbuf);
++return 0;
++}
++
++
++
++int main(int argc, char *argv[])
++{
++        int fd,http_flag=0,http_ret=1;
++        struct sockaddr_in addr;
++        struct hostent *host;
++        struct timeval timeo = {3, 0};
++        socklen_t len = sizeof(timeo);
++        
++        char http_url[100]="http://";
++
++   
++
++        fd = socket(AF_INET, SOCK_STREAM, 0);
++        if (argc >= 4)
++                 timeo.tv_sec = atoi(argv[3]);
++        if (argc>=5)
++         http_flag=1;
++         
++        if((host=timeGethostbyname(argv[1],timeo.tv_sec)) == NULL) {
++        DEBUG("gethostbyname err\n");
++        return 1;
++    }
++  if (setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &timeo, len) == -1)
++    {
++
++      DEBUG("setsockopt send err\n");
++       return 1;
++    }
++            
++  if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &timeo, len) == -1)
++    {
++
++      DEBUG("setsockopt recv err\n");
++       return 1;
++    }
++  
++         addr.sin_family = AF_INET;
++         addr.sin_addr = *((struct in_addr *)host->h_addr);
++         //addr.sin_addr.s_addr = inet_addr(argv[1]);
++         addr.sin_port = htons(atoi(argv[2]));
++if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1)
++    {  
++      if (errno == EINPROGRESS) 
++       {
++         DEBUG("timeout err\n");
++          return 1;
++        }  
++       DEBUG("connect err\n");
++        return 1;
++    }
++if(http_flag==0)
++{
++ close(fd);
++ return 0;
++}
++strcat(http_url,argv[1]);
++http_ret=http_get(http_url,fd);
++if(http_ret==1)
++{
++DEBUG("recv err");
++ return 1;
++}
++else
++{
++DEBUG("recv ok");
++
++ return 0;
++}
++
++}
+\ No newline at end of file
+diff --git a/server/common.h b/server/common.h
+new file mode 100644
+index 0000000..000f084
+--- /dev/null
++++ b/server/common.h
+@@ -0,0 +1,58 @@
++/*
++ * common.h - Provide global definitions
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#ifndef _COMMON_H
++#define _COMMON_H
++
++#define DEFAULT_CONF_PATH "/etc/shadowsocks-libev/config.json"
++
++#ifndef SOL_TCP
++#define SOL_TCP IPPROTO_TCP
++#endif
++
++#if defined(MODULE_TUNNEL) || defined(MODULE_REDIR)
++#define MODULE_LOCAL
++#endif
++
++int init_udprelay(const char *server_host, const char *server_port,
++#ifdef MODULE_LOCAL
++                  const struct sockaddr *remote_addr, const int remote_addr_len,
++#ifdef MODULE_TUNNEL
++                  const ss_addr_t tunnel_addr,
++#endif
++#endif
++                  int mtu, int method, int auth, int timeout, const char *iface, const char *protocol, const char *protocol_param);
++
++void free_udprelay(void);
++
++#ifdef ANDROID
++int protect_socket(int fd);
++int send_traffic_stat(uint64_t tx, uint64_t rx);
++#endif
++
++#define STAGE_ERROR     -1  /* Error detected                   */
++#define STAGE_INIT       0  /* Initial stage                    */
++#define STAGE_HANDSHAKE  1  /* Handshake with client            */
++#define STAGE_PARSE      2  /* Parse the header                 */
++#define STAGE_RESOLVE    4  /* Resolve the hostname             */
++#define STAGE_STREAM     5  /* Stream between client and server */
++
++#endif // _COMMON_H
+diff --git a/server/crc32.c b/server/crc32.c
+new file mode 100644
+index 0000000..6d328d2
+--- /dev/null
++++ b/server/crc32.c
+@@ -0,0 +1,97 @@
++static uint32_t crc32_table[256] = {0};
++
++void init_crc32_table(void) {
++    uint32_t c, i, j;
++    if (crc32_table[0] == 0) {
++        for (i = 0; i < 256; i++) {
++            c = i;
++            for (j = 0; j < 8; j++) {
++                if (c & 1)
++                    c = 0xedb88320L ^ (c >> 1);
++                else
++                    c = c >> 1;
++            }
++            crc32_table[i] = c;
++        }
++    }
++}
++
++uint32_t crc32(unsigned char *buffer, unsigned int size) {
++    uint32_t crc = 0xFFFFFFFF;
++    unsigned int i;
++    for (i = 0; i < size; i++) {
++        crc = crc32_table[(crc ^ buffer[i]) & 0xFF] ^ (crc >> 8);
++    }
++    return crc ^ 0xFFFFFFFF;
++}
++
++void fillcrc32to(unsigned char *buffer, unsigned int size, unsigned char *outbuffer) {
++    uint32_t crc = 0xFFFFFFFF;
++    unsigned int i;
++    for (i = 0; i < size; i++) {
++        crc = crc32_table[(crc ^ buffer[i]) & 0xff] ^ (crc >> 8);
++    }
++    crc ^= 0xFFFFFFFF;
++    outbuffer[0] = crc;
++    outbuffer[1] = crc >> 8;
++    outbuffer[2] = crc >> 16;
++    outbuffer[3] = crc >> 24;
++}
++
++void fillcrc32(unsigned char *buffer, unsigned int size) {
++    uint32_t crc = 0xFFFFFFFF;
++    unsigned int i;
++    size -= 4;
++    for (i = 0; i < size; i++) {
++        crc = crc32_table[(crc ^ buffer[i]) & 0xff] ^ (crc >> 8);
++    }
++    buffer += size;
++    buffer[0] = crc;
++    buffer[1] = crc >> 8;
++    buffer[2] = crc >> 16;
++    buffer[3] = crc >> 24;
++}
++
++void adler32_short(unsigned char *buffer, unsigned int size, uint32_t *a, uint32_t *b) {
++    for (int i = 0; i < size; i++) {
++        *a += buffer[i];
++        *b += *a;
++    }
++    *a %= 65521;
++    *b %= 65521;
++}
++
++#define NMAX 5552
++uint32_t adler32(unsigned char *buffer, unsigned int size) {
++    uint32_t a = 1;
++    uint32_t b = 0;
++    while ( size >= NMAX ) {
++        adler32_short(buffer, NMAX, &a, &b);
++        buffer += NMAX;
++        size -= NMAX;
++    }
++    adler32_short(buffer, size, &a, &b);
++    return (b << 16) + a;
++}
++#undef NMAX
++
++void filladler32(unsigned char *buffer, unsigned int size) {
++    size -= 4;
++    uint32_t checksum = adler32(buffer, size);
++    buffer += size;
++    buffer[0] = checksum;
++    buffer[1] = checksum >> 8;
++    buffer[2] = checksum >> 16;
++    buffer[3] = checksum >> 24;
++}
++
++int checkadler32(unsigned char *buffer, unsigned int size) {
++    size -= 4;
++    uint32_t checksum = adler32(buffer, size);
++    buffer += size;
++    return checksum == (((uint32_t)buffer[3] << 24)
++            | ((uint32_t)buffer[2] << 16)
++            | ((uint32_t)buffer[1] << 8)
++            | (uint32_t)buffer[0]);
++}
++
+diff --git a/server/encrypt.c b/server/encrypt.c
+new file mode 100644
+index 0000000..37dd5cd
+--- /dev/null
++++ b/server/encrypt.c
+@@ -0,0 +1,1645 @@
++/*
++ * encrypt.c - Manage the global encryptor
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#include <stdint.h>
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#if defined(USE_CRYPTO_OPENSSL)
++
++#include <openssl/md5.h>
++#include <openssl/rand.h>
++#include <openssl/hmac.h>
++#include <openssl/aes.h>
++
++#elif defined(USE_CRYPTO_POLARSSL)
++
++#include <polarssl/md5.h>
++#include <polarssl/sha1.h>
++#include <polarssl/aes.h>
++#include <polarssl/entropy.h>
++#include <polarssl/ctr_drbg.h>
++#include <polarssl/version.h>
++#define CIPHER_UNSUPPORTED "unsupported"
++
++#include <time.h>
++#ifdef _WIN32
++#include <windows.h>
++#include <wincrypt.h>
++#else
++#include <stdio.h>
++#endif
++
++#elif defined(USE_CRYPTO_MBEDTLS)
++
++#include <mbedtls/md5.h>
++#include <mbedtls/entropy.h>
++#include <mbedtls/ctr_drbg.h>
++#include <mbedtls/version.h>
++#include <mbedtls/aes.h>
++#define CIPHER_UNSUPPORTED "unsupported"
++
++#include <time.h>
++#ifdef _WIN32
++#include <windows.h>
++#include <wincrypt.h>
++#else
++#include <stdio.h>
++#endif
++
++#endif
++
++#include <sodium.h>
++
++#ifndef __MINGW32__
++#include <arpa/inet.h>
++#endif
++
++#include "cache.h"
++#include "encrypt.h"
++#include "utils.h"
++
++#define OFFSET_ROL(p, o) ((uint64_t)(*(p + o)) << (8 * o))
++
++static uint8_t *enc_table;
++static uint8_t *dec_table;
++static uint8_t enc_key[MAX_KEY_LENGTH];
++static int enc_key_len;
++static int enc_iv_len;
++static int enc_method;
++
++static struct cache *iv_cache;
++
++#ifdef DEBUG
++static void
++dump(char *tag, char *text, int len)
++{
++    int i;
++    printf("%s: ", tag);
++    for (i = 0; i < len; i++)
++        printf("0x%02x ", (uint8_t)text[i]);
++    printf("\n");
++}
++
++#endif
++
++static const char *supported_ciphers[CIPHER_NUM] = {
++    "table",
++    "rc4",
++    "rc4-md5-6",
++    "rc4-md5",
++    "aes-128-cfb",
++    "aes-192-cfb",
++    "aes-256-cfb",
++    "aes-128-ctr",
++    "aes-192-ctr",
++    "aes-256-ctr",
++    "bf-cfb",
++    "camellia-128-cfb",
++    "camellia-192-cfb",
++    "camellia-256-cfb",
++    "cast5-cfb",
++    "des-cfb",
++    "idea-cfb",
++    "rc2-cfb",
++    "seed-cfb",
++    "salsa20",
++    "chacha20",
++    "chacha20-ietf"
++};
++
++#ifdef USE_CRYPTO_POLARSSL
++static const char *supported_ciphers_polarssl[CIPHER_NUM] = {
++    "table",
++    "ARC4-128",
++    "ARC4-128",
++    "ARC4-128",
++    "AES-128-CFB128",
++    "AES-192-CFB128",
++    "AES-256-CFB128",
++    "AES-128-CTR",
++    "AES-192-CTR",
++    "AES-256-CTR",
++    "BLOWFISH-CFB64",
++    "CAMELLIA-128-CFB128",
++    "CAMELLIA-192-CFB128",
++    "CAMELLIA-256-CFB128",
++    CIPHER_UNSUPPORTED,
++    CIPHER_UNSUPPORTED,
++    CIPHER_UNSUPPORTED,
++    CIPHER_UNSUPPORTED,
++    CIPHER_UNSUPPORTED,
++    "salsa20",
++    "chacha20",
++    "chacha20-ietf"
++};
++#endif
++
++#ifdef USE_CRYPTO_MBEDTLS
++static const char *supported_ciphers_mbedtls[CIPHER_NUM] = {
++    "table",
++    "ARC4-128",
++    "ARC4-128",
++    "ARC4-128",
++    "AES-128-CFB128",
++    "AES-192-CFB128",
++    "AES-256-CFB128",
++    "AES-128-CTR",
++    "AES-192-CTR",
++    "AES-256-CTR",
++    "BLOWFISH-CFB64",
++    "CAMELLIA-128-CFB128",
++    "CAMELLIA-192-CFB128",
++    "CAMELLIA-256-CFB128",
++    CIPHER_UNSUPPORTED,
++    CIPHER_UNSUPPORTED,
++    CIPHER_UNSUPPORTED,
++    CIPHER_UNSUPPORTED,
++    CIPHER_UNSUPPORTED,
++    "salsa20",
++    "chacha20",
++    "chacha20-ietf"
++};
++#endif
++
++#ifdef USE_CRYPTO_APPLECC
++static const CCAlgorithm supported_ciphers_applecc[CIPHER_NUM] = {
++    kCCAlgorithmInvalid,
++    kCCAlgorithmRC4,
++    kCCAlgorithmRC4,
++    kCCAlgorithmRC4,
++    kCCAlgorithmAES,
++    kCCAlgorithmAES,
++    kCCAlgorithmAES,
++    kCCAlgorithmAES,
++    kCCAlgorithmAES,
++    kCCAlgorithmAES,
++    kCCAlgorithmBlowfish,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmCAST,
++    kCCAlgorithmDES,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmRC2,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid
++};
++
++static const CCMode supported_modes_applecc[CIPHER_NUM] = {
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid,
++    kCCModeRC4,
++    kCCModeRC4,
++    kCCModeCFB,
++    kCCModeCFB,
++    kCCModeCFB,
++    kCCModeCTR,
++    kCCModeCTR,
++    kCCModeCTR,
++    kCCModeCFB,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid,
++    kCCModeCFB,
++    kCCModeCFB,
++    kCCModeCFB,
++    kCCModeCFB,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid,
++    kCCAlgorithmInvalid
++};
++#endif
++
++static const int supported_ciphers_iv_size[CIPHER_NUM] = {
++    0,  0,  6, 16, 16, 16, 16, 16, 16, 16,  8, 16, 16, 16,  8,  8,  8,  8, 16,  8,  8, 12
++};
++
++static const int supported_ciphers_key_size[CIPHER_NUM] = {
++    0, 16, 16, 16, 16, 24, 32, 16, 24, 32, 16, 16, 24, 32, 16,  8, 16, 16, 16, 32, 32, 32
++};
++
++static int
++safe_memcmp(const void *s1, const void *s2, size_t n)
++{
++    const unsigned char *_s1 = (const unsigned char *)s1;
++    const unsigned char *_s2 = (const unsigned char *)s2;
++    int ret                  = 0;
++    size_t i;
++    for (i = 0; i < n; i++)
++        ret |= _s1[i] ^ _s2[i];
++    return !!ret;
++}
++
++int
++balloc(buffer_t *ptr, size_t capacity)
++{
++    sodium_memzero(ptr, sizeof(buffer_t));
++    ptr->array    = ss_malloc(capacity);
++    ptr->capacity = capacity;
++    return capacity;
++}
++
++int
++brealloc(buffer_t *ptr, size_t len, size_t capacity)
++{
++    if (ptr == NULL)
++        return -1;
++    size_t real_capacity = max(len, capacity);
++    if (ptr->capacity < real_capacity) {
++        ptr->array    = ss_realloc(ptr->array, real_capacity);
++        ptr->capacity = real_capacity;
++    }
++    return real_capacity;
++}
++
++void
++bfree(buffer_t *ptr)
++{
++    if (ptr == NULL)
++        return;
++    ptr->idx      = 0;
++    ptr->len      = 0;
++    ptr->capacity = 0;
++    if (ptr->array != NULL) {
++        ss_free(ptr->array);
++    }
++}
++
++static int
++crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen,
++                     const uint8_t *n, uint64_t ic, const uint8_t *k,
++                     int method)
++{
++    switch (method) {
++    case SALSA20:
++        return crypto_stream_salsa20_xor_ic(c, m, mlen, n, ic, k);
++    case CHACHA20:
++        return crypto_stream_chacha20_xor_ic(c, m, mlen, n, ic, k);
++    case CHACHA20IETF:
++        return crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, n, (uint32_t)ic, k);
++    }
++    // always return 0
++    return 0;
++}
++
++static int
++random_compare(const void *_x, const void *_y, uint32_t i,
++               uint64_t a)
++{
++    uint8_t x = *((uint8_t *)_x);
++    uint8_t y = *((uint8_t *)_y);
++    return a % (x + i) - a % (y + i);
++}
++
++static void
++merge(uint8_t *left, int llength, uint8_t *right,
++      int rlength, uint32_t salt, uint64_t key)
++{
++    uint8_t *ltmp = (uint8_t *)malloc(llength * sizeof(uint8_t));
++    uint8_t *rtmp = (uint8_t *)malloc(rlength * sizeof(uint8_t));
++
++    uint8_t *ll = ltmp;
++    uint8_t *rr = rtmp;
++
++    uint8_t *result = left;
++
++    memcpy(ltmp, left, llength * sizeof(uint8_t));
++    memcpy(rtmp, right, rlength * sizeof(uint8_t));
++
++    while (llength > 0 && rlength > 0) {
++        if (random_compare(ll, rr, salt, key) <= 0) {
++            *result = *ll;
++            ++ll;
++            --llength;
++        } else {
++            *result = *rr;
++            ++rr;
++            --rlength;
++        }
++        ++result;
++    }
++
++    if (llength > 0) {
++        while (llength > 0) {
++            *result = *ll;
++            ++result;
++            ++ll;
++            --llength;
++        }
++    } else {
++        while (rlength > 0) {
++            *result = *rr;
++            ++result;
++            ++rr;
++            --rlength;
++        }
++    }
++
++    ss_free(ltmp);
++    ss_free(rtmp);
++}
++
++static void
++merge_sort(uint8_t array[], int length,
++           uint32_t salt, uint64_t key)
++{
++    uint8_t middle;
++    uint8_t *left, *right;
++    int llength;
++
++    if (length <= 1) {
++        return;
++    }
++
++    middle = length / 2;
++
++    llength = length - middle;
++
++    left  = array;
++    right = array + llength;
++
++    merge_sort(left, llength, salt, key);
++    merge_sort(right, middle, salt, key);
++    merge(left, llength, right, middle, salt, key);
++}
++
++int
++enc_get_iv_len()
++{
++    return enc_iv_len;
++}
++
++uint8_t* enc_get_key()
++{
++    return enc_key;
++}
++
++int enc_get_key_len()
++{
++    return enc_key_len;
++}
++
++unsigned char *enc_md5(const unsigned char *d, size_t n, unsigned char *md)
++{
++#if defined(USE_CRYPTO_OPENSSL)
++    return MD5(d, n, md);
++#elif defined(USE_CRYPTO_POLARSSL)
++    static unsigned char m[16];
++    if (md == NULL) {
++        md = m;
++    }
++    md5(d, n, md);
++    return md;
++#elif defined(USE_CRYPTO_MBEDTLS)
++    static unsigned char m[16];
++    if (md == NULL) {
++        md = m;
++    }
++    mbedtls_md5(d, n, md);
++    return md;
++#endif
++}
++
++void
++enc_table_init(const char *pass)
++{
++    uint32_t i;
++    uint64_t key = 0;
++    uint8_t *digest;
++
++    enc_table = ss_malloc(256);
++    dec_table = ss_malloc(256);
++
++    digest = enc_md5((const uint8_t *)pass, strlen(pass), NULL);
++
++    for (i = 0; i < 8; i++)
++        key += OFFSET_ROL(digest, i);
++
++    for (i = 0; i < 256; ++i)
++        enc_table[i] = i;
++    for (i = 1; i < 1024; ++i)
++        merge_sort(enc_table, 256, i, key);
++    for (i = 0; i < 256; ++i)
++        // gen decrypt table from encrypt table
++        dec_table[enc_table[i]] = i;
++}
++
++int
++cipher_iv_size(const cipher_t *cipher)
++{
++#if defined(USE_CRYPTO_OPENSSL)
++    if (cipher->info == NULL)
++        return cipher->iv_len;
++    else
++        return EVP_CIPHER_iv_length(cipher->info);
++#elif defined(USE_CRYPTO_POLARSSL) || defined(USE_CRYPTO_MBEDTLS)
++    if (cipher == NULL) {
++        return 0;
++    }
++    return cipher->info->iv_size;
++#endif
++}
++
++int
++cipher_key_size(const cipher_t *cipher)
++{
++#if defined(USE_CRYPTO_OPENSSL)
++    if (cipher->info == NULL)
++        return cipher->key_len;
++    else
++        return EVP_CIPHER_key_length(cipher->info);
++#elif defined(USE_CRYPTO_POLARSSL)
++    if (cipher == NULL) {
++        return 0;
++    }
++    /* Override PolarSSL 32 bit default key size with sane 128 bit default */
++    if (cipher->info->base != NULL && POLARSSL_CIPHER_ID_BLOWFISH ==
++        cipher->info->base->cipher) {
++        return 128 / 8;
++    }
++    return cipher->info->key_length / 8;
++#elif defined(USE_CRYPTO_MBEDTLS)
++    /*
++     * Semi-API changes (technically public, morally private)
++     * Renamed a few headers to include _internal in the name. Those headers are
++     * not supposed to be included by users.
++     * Changed md_info_t into an opaque structure (use md_get_xxx() accessors).
++     * Changed pk_info_t into an opaque structure.
++     * Changed cipher_base_t into an opaque structure.
++     */
++    if (cipher == NULL) {
++        return 0;
++    }
++    /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
++    return cipher->info->key_bitlen / 8;
++#endif
++}
++
++void
++bytes_to_key_with_size(const char *pass, size_t len, uint8_t *md, size_t md_size)
++{
++    uint8_t result[128];
++    enc_md5((const unsigned char *)pass, len, result);
++    memcpy(md, result, 16);
++    int i = 16;
++    for (; i < md_size; i += 16) {
++        memcpy(result + 16, pass, len);
++        enc_md5(result, 16 + len, result);
++        memcpy(md + i, result, 16);
++    }
++}
++
++int
++bytes_to_key(const cipher_t *cipher, const digest_type_t *md,
++             const uint8_t *pass, uint8_t *key)
++{
++    size_t datal;
++    datal = strlen((const char *)pass);
++
++#if defined(USE_CRYPTO_OPENSSL)
++
++    MD5_CTX c;
++    unsigned char md_buf[MAX_MD_SIZE];
++    int nkey;
++    int addmd;
++    unsigned int i, j, mds;
++
++    mds  = 16;
++    nkey = cipher_key_size(cipher);
++    if (pass == NULL)
++        return nkey;
++    memset(&c, 0, sizeof(MD5_CTX));
++
++    for (j = 0, addmd = 0; j < nkey; addmd++) {
++        MD5_Init(&c);
++        if (addmd) {
++            MD5_Update(&c, md_buf, mds);
++        }
++        MD5_Update(&c, pass, datal);
++        MD5_Final(md_buf, &c);
++
++        for (i = 0; i < mds; i++, j++) {
++            if (j >= nkey)
++                break;
++            key[j] = md_buf[i];
++        }
++    }
++
++    return nkey;
++
++#elif defined(USE_CRYPTO_POLARSSL)
++    md_context_t c;
++    unsigned char md_buf[MAX_MD_SIZE];
++    int nkey;
++    int addmd;
++    unsigned int i, j, mds;
++
++    nkey = cipher_key_size(cipher);
++    mds  = md_get_size(md);
++    memset(&c, 0, sizeof(md_context_t));
++
++    if (pass == NULL)
++        return nkey;
++    if (md_init_ctx(&c, md))
++        return 0;
++
++    for (j = 0, addmd = 0; j < nkey; addmd++) {
++        md_starts(&c);
++        if (addmd) {
++            md_update(&c, md_buf, mds);
++        }
++        md_update(&c, pass, datal);
++        md_finish(&c, md_buf);
++
++        for (i = 0; i < mds; i++, j++) {
++            if (j >= nkey)
++                break;
++            key[j] = md_buf[i];
++        }
++    }
++
++    md_free_ctx(&c);
++    return nkey;
++
++#elif defined(USE_CRYPTO_MBEDTLS)
++
++    mbedtls_md_context_t c;
++    unsigned char md_buf[MAX_MD_SIZE];
++    int nkey;
++    int addmd;
++    unsigned int i, j, mds;
++
++    nkey = cipher_key_size(cipher);
++    mds  = mbedtls_md_get_size(md);
++    memset(&c, 0, sizeof(mbedtls_md_context_t));
++
++    if (pass == NULL)
++        return nkey;
++    if (mbedtls_md_setup(&c, md, 1))
++        return 0;
++
++    for (j = 0, addmd = 0; j < nkey; addmd++) {
++        mbedtls_md_starts(&c);
++        if (addmd) {
++            mbedtls_md_update(&c, md_buf, mds);
++        }
++        mbedtls_md_update(&c, pass, datal);
++        mbedtls_md_finish(&c, &(md_buf[0]));
++
++        for (i = 0; i < mds; i++, j++) {
++            if (j >= nkey)
++                break;
++            key[j] = md_buf[i];
++        }
++    }
++
++    mbedtls_md_free(&c);
++    return nkey;
++#endif
++}
++
++int
++rand_bytes(uint8_t *output, int len)
++{
++    randombytes_buf(output, len);
++    // always return success
++    return 0;
++}
++
++const cipher_kt_t *
++get_cipher_type(int method)
++{
++    if (method <= TABLE || method >= CIPHER_NUM) {
++        LOGE("get_cipher_type(): Illegal method");
++        return NULL;
++    }
++
++    if (method == RC4_MD5 || method == RC4_MD5_6) {
++        method = RC4;
++    }
++
++    if (method >= SALSA20) {
++        return NULL;
++    }
++
++    const char *ciphername = supported_ciphers[method];
++#if defined(USE_CRYPTO_OPENSSL)
++    return EVP_get_cipherbyname(ciphername);
++#elif defined(USE_CRYPTO_POLARSSL)
++    const char *polarname = supported_ciphers_polarssl[method];
++    if (strcmp(polarname, CIPHER_UNSUPPORTED) == 0) {
++        LOGE("Cipher %s currently is not supported by PolarSSL library",
++             ciphername);
++        return NULL;
++    }
++    return cipher_info_from_string(polarname);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    const char *mbedtlsname = supported_ciphers_mbedtls[method];
++    if (strcmp(mbedtlsname, CIPHER_UNSUPPORTED) == 0) {
++        LOGE("Cipher %s currently is not supported by mbed TLS library",
++             ciphername);
++        return NULL;
++    }
++    return mbedtls_cipher_info_from_string(mbedtlsname);
++#endif
++}
++
++const digest_type_t *
++get_digest_type(const char *digest)
++{
++    if (digest == NULL) {
++        LOGE("get_digest_type(): Digest name is null");
++        return NULL;
++    }
++
++#if defined(USE_CRYPTO_OPENSSL)
++    return EVP_get_digestbyname(digest);
++#elif defined(USE_CRYPTO_POLARSSL)
++    return md_info_from_string(digest);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    return mbedtls_md_info_from_string(digest);
++#endif
++}
++
++void
++cipher_context_init(cipher_ctx_t *ctx, int method, int enc)
++{
++    if (method <= TABLE || method >= CIPHER_NUM) {
++        LOGE("cipher_context_init(): Illegal method");
++        return;
++    }
++
++    if (method >= SALSA20) {
++        enc_iv_len = supported_ciphers_iv_size[method];
++        return;
++    }
++
++    const char *ciphername = supported_ciphers[method];
++#if defined(USE_CRYPTO_APPLECC)
++    cipher_cc_t *cc = &ctx->cc;
++    cc->cryptor = NULL;
++    cc->cipher  = supported_ciphers_applecc[method];
++    if (cc->cipher == kCCAlgorithmInvalid) {
++        cc->valid = kCCContextInvalid;
++    } else {
++        cc->valid = kCCContextValid;
++        if (cc->cipher == kCCAlgorithmRC4) {
++            cc->mode    = supported_modes_applecc[method];
++            cc->padding = ccNoPadding;
++        } else {
++            cc->mode = supported_modes_applecc[method];
++            if (cc->mode == kCCModeCTR) {
++                cc->padding = ccNoPadding;
++            } else {
++                cc->padding = ccPKCS7Padding;
++            }
++        }
++        return;
++    }
++#endif
++
++    const cipher_kt_t *cipher = get_cipher_type(method);
++
++#if defined(USE_CRYPTO_OPENSSL)
++    ctx->evp = EVP_CIPHER_CTX_new();
++    cipher_evp_t *evp = ctx->evp;
++
++    if (cipher == NULL) {
++        LOGE("Cipher %s not found in OpenSSL library", ciphername);
++        FATAL("Cannot initialize cipher");
++    }
++    if (!EVP_CipherInit_ex(evp, cipher, NULL, NULL, NULL, enc)) {
++        LOGE("Cannot initialize cipher %s", ciphername);
++        exit(EXIT_FAILURE);
++    }
++    if (!EVP_CIPHER_CTX_set_key_length(evp, enc_key_len)) {
++        EVP_CIPHER_CTX_cleanup(evp);
++        LOGE("Invalid key length: %d", enc_key_len);
++        exit(EXIT_FAILURE);
++    }
++    if (method > RC4_MD5) {
++        EVP_CIPHER_CTX_set_padding(evp, 1);
++    }
++#elif defined(USE_CRYPTO_POLARSSL)
++    ctx->evp = (cipher_evp_t *)ss_malloc(sizeof(cipher_evp_t));
++    cipher_evp_t *evp = ctx->evp;
++
++    if (cipher == NULL) {
++        LOGE("Cipher %s not found in PolarSSL library", ciphername);
++        FATAL("Cannot initialize PolarSSL cipher");
++    }
++    if (cipher_init_ctx(evp, cipher) != 0) {
++        FATAL("Cannot initialize PolarSSL cipher context");
++    }
++#elif defined(USE_CRYPTO_MBEDTLS)
++    ctx->evp = (cipher_evp_t *)ss_malloc(sizeof(cipher_evp_t));
++    cipher_evp_t *evp = ctx->evp;
++
++    if (cipher == NULL) {
++        LOGE("Cipher %s not found in mbed TLS library", ciphername);
++        FATAL("Cannot initialize mbed TLS cipher");
++    }
++    mbedtls_cipher_init(evp);
++    if (mbedtls_cipher_setup(evp, cipher) != 0) {
++        FATAL("Cannot initialize mbed TLS cipher context");
++    }
++#endif
++}
++
++void
++cipher_context_set_iv(cipher_ctx_t *ctx, uint8_t *iv, size_t iv_len,
++                      int enc)
++{
++    const unsigned char *true_key;
++
++    if (iv == NULL) {
++        LOGE("cipher_context_set_iv(): IV is null");
++        return;
++    }
++
++    if (!enc) {
++        memcpy(ctx->iv, iv, iv_len);
++    }
++
++    if (enc_method >= SALSA20) {
++        return;
++    }
++
++    if (enc_method == RC4_MD5 || enc_method == RC4_MD5_6) {
++        unsigned char key_iv[32];
++        memcpy(key_iv, enc_key, 16);
++        memcpy(key_iv + 16, iv, iv_len);
++        true_key = enc_md5(key_iv, 16 + iv_len, NULL);
++        iv_len   = 0;
++    } else {
++        true_key = enc_key;
++    }
++
++#ifdef USE_CRYPTO_APPLECC
++    cipher_cc_t *cc = &ctx->cc;
++    if (cc->valid == kCCContextValid) {
++        memcpy(cc->iv, iv, iv_len);
++        memcpy(cc->key, true_key, enc_key_len);
++        cc->iv_len  = iv_len;
++        cc->key_len = enc_key_len;
++        cc->encrypt = enc ? kCCEncrypt : kCCDecrypt;
++        if (cc->cryptor != NULL) {
++            CCCryptorRelease(cc->cryptor);
++            cc->cryptor = NULL;
++        }
++
++        CCCryptorStatus ret;
++        ret = CCCryptorCreateWithMode(
++            cc->encrypt,
++            cc->mode,
++            cc->cipher,
++            cc->padding,
++            cc->iv, cc->key, cc->key_len,
++            NULL, 0, 0, kCCModeOptionCTR_BE,
++            &cc->cryptor);
++        if (ret != kCCSuccess) {
++            if (cc->cryptor != NULL) {
++                CCCryptorRelease(cc->cryptor);
++                cc->cryptor = NULL;
++            }
++            FATAL("Cannot set CommonCrypto key and IV");
++        }
++        return;
++    }
++#endif
++
++    cipher_evp_t *evp = ctx->evp;
++    if (evp == NULL) {
++        LOGE("cipher_context_set_iv(): Cipher context is null");
++        return;
++    }
++#if defined(USE_CRYPTO_OPENSSL)
++    if (!EVP_CipherInit_ex(evp, NULL, NULL, true_key, iv, enc)) {
++        EVP_CIPHER_CTX_cleanup(evp);
++        FATAL("Cannot set key and IV");
++    }
++#elif defined(USE_CRYPTO_POLARSSL)
++    // XXX: PolarSSL 1.3.11: cipher_free_ctx deprecated, Use cipher_free() instead.
++    if (cipher_setkey(evp, true_key, enc_key_len * 8, enc) != 0) {
++        cipher_free_ctx(evp);
++        FATAL("Cannot set PolarSSL cipher key");
++    }
++#if POLARSSL_VERSION_NUMBER >= 0x01030000
++    if (cipher_set_iv(evp, iv, iv_len) != 0) {
++        cipher_free_ctx(evp);
++        FATAL("Cannot set PolarSSL cipher IV");
++    }
++    if (cipher_reset(evp) != 0) {
++        cipher_free_ctx(evp);
++        FATAL("Cannot finalize PolarSSL cipher context");
++    }
++#else
++    if (cipher_reset(evp, iv) != 0) {
++        cipher_free_ctx(evp);
++        FATAL("Cannot set PolarSSL cipher IV");
++    }
++#endif
++#elif defined(USE_CRYPTO_MBEDTLS)
++    if (mbedtls_cipher_setkey(evp, true_key, enc_key_len * 8, enc) != 0) {
++        mbedtls_cipher_free(evp);
++        FATAL("Cannot set mbed TLS cipher key");
++    }
++
++    if (mbedtls_cipher_set_iv(evp, iv, iv_len) != 0) {
++        mbedtls_cipher_free(evp);
++        FATAL("Cannot set mbed TLS cipher IV");
++    }
++    if (mbedtls_cipher_reset(evp) != 0) {
++        mbedtls_cipher_free(evp);
++        FATAL("Cannot finalize mbed TLS cipher context");
++    }
++#endif
++
++#ifdef DEBUG
++    dump("IV", (char *)iv, iv_len);
++#endif
++}
++
++void
++cipher_context_release(cipher_ctx_t *ctx)
++{
++    if (enc_method >= SALSA20) {
++        return;
++    }
++
++#ifdef USE_CRYPTO_APPLECC
++    cipher_cc_t *cc = &ctx->cc;
++    if (cc->cryptor != NULL) {
++        CCCryptorRelease(cc->cryptor);
++        cc->cryptor = NULL;
++    }
++    if (cc->valid == kCCContextValid) {
++        return;
++    }
++#endif
++
++#if defined(USE_CRYPTO_OPENSSL)
++    EVP_CIPHER_CTX_free(ctx->evp);
++#elif defined(USE_CRYPTO_POLARSSL)
++// NOTE: cipher_free_ctx deprecated in PolarSSL 1.3.11
++    cipher_free_ctx(ctx->evp);
++    ss_free(ctx->evp);
++#elif defined(USE_CRYPTO_MBEDTLS)
++// NOTE: cipher_free_ctx deprecated
++    mbedtls_cipher_free(ctx->evp);
++    ss_free(ctx->evp);
++#endif
++}
++
++static int
++cipher_context_update(cipher_ctx_t *ctx, uint8_t *output, size_t *olen,
++                      const uint8_t *input, size_t ilen)
++{
++#ifdef USE_CRYPTO_APPLECC
++    cipher_cc_t *cc = &ctx->cc;
++    if (cc->valid == kCCContextValid) {
++        CCCryptorStatus ret;
++        ret = CCCryptorUpdate(cc->cryptor, input, ilen, output,
++                              ilen, olen);
++        return (ret == kCCSuccess) ? 1 : 0;
++    }
++#endif
++    cipher_evp_t *evp = ctx->evp;
++#if defined(USE_CRYPTO_OPENSSL)
++    int err = 0, tlen = *olen;
++    err = EVP_CipherUpdate(evp, (uint8_t *)output, &tlen,
++                           (const uint8_t *)input, ilen);
++    *olen = tlen;
++    return err;
++#elif defined(USE_CRYPTO_POLARSSL)
++    return !cipher_update(evp, (const uint8_t *)input, ilen,
++                          (uint8_t *)output, olen);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    return !mbedtls_cipher_update(evp, (const uint8_t *)input, ilen,
++                                  (uint8_t *)output, olen);
++#endif
++}
++int ss_md5_hmac(char *auth, char *msg, int msg_len, uint8_t *iv)
++{
++    uint8_t hash[MD5_BYTES];
++    uint8_t auth_key[MAX_IV_LENGTH + MAX_KEY_LENGTH];
++    memcpy(auth_key, iv, enc_iv_len);
++    memcpy(auth_key + enc_iv_len, enc_key, enc_key_len);
++
++#if defined(USE_CRYPTO_OPENSSL)
++    HMAC(EVP_md5(), auth_key, enc_iv_len + enc_key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash, NULL);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_MD5), auth_key, enc_iv_len + enc_key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash);
++#else
++    md5_hmac(auth_key, enc_iv_len + enc_key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash);
++#endif
++
++    memcpy(auth, hash, MD5_BYTES);
++
++    return 0;
++}
++
++int ss_md5_hmac_with_key(char *auth, char *msg, int msg_len, uint8_t *auth_key, int key_len)
++{
++    uint8_t hash[MD5_BYTES];
++
++#if defined(USE_CRYPTO_OPENSSL)
++    HMAC(EVP_md5(), auth_key, key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash, NULL);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_MD5), auth_key, key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash);
++#else
++    md5_hmac(auth_key, key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash);
++#endif
++
++    memcpy(auth, hash, MD5_BYTES);
++
++    return 0;
++}
++
++int ss_md5_hash_func(char *auth, char *msg, int msg_len)
++{
++    uint8_t hash[MD5_BYTES];
++
++#if defined(USE_CRYPTO_OPENSSL)
++    MD5((uint8_t *)msg, msg_len, (uint8_t *)hash);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_MD5), (uint8_t *)msg, msg_len, (uint8_t *)hash);
++#else
++    md5((uint8_t *)msg, msg_len, (uint8_t *)hash);
++#endif
++
++    memcpy(auth, hash, MD5_BYTES);
++
++    return 0;
++}
++
++int ss_sha1_hmac(char *auth, char *msg, int msg_len, uint8_t *iv)
++{
++    uint8_t hash[SHA1_BYTES];
++    uint8_t auth_key[MAX_IV_LENGTH + MAX_KEY_LENGTH];
++    memcpy(auth_key, iv, enc_iv_len);
++    memcpy(auth_key + enc_iv_len, enc_key, enc_key_len);
++
++#if defined(USE_CRYPTO_OPENSSL)
++    HMAC(EVP_sha1(), auth_key, enc_iv_len + enc_key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash, NULL);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), auth_key, enc_iv_len + enc_key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash);
++#else
++    sha1_hmac(auth_key, enc_iv_len + enc_key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash);
++#endif
++
++    memcpy(auth, hash, SHA1_BYTES);
++
++    return 0;
++}
++
++int ss_sha1_hmac_with_key(char *auth, char *msg, int msg_len, uint8_t *auth_key, int key_len)
++{
++    uint8_t hash[SHA1_BYTES];
++
++#if defined(USE_CRYPTO_OPENSSL)
++    HMAC(EVP_sha1(), auth_key, key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash, NULL);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), auth_key, key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash);
++#else
++    sha1_hmac(auth_key, key_len, (uint8_t *)msg, msg_len, (uint8_t *)hash);
++#endif
++
++    memcpy(auth, hash, SHA1_BYTES);
++
++    return 0;
++}
++
++int ss_sha1_hash_func(char *auth, char *msg, int msg_len)
++{
++    uint8_t hash[SHA1_BYTES];
++#if defined(USE_CRYPTO_OPENSSL)
++    SHA1((uint8_t *)msg, msg_len, (uint8_t *)hash);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), (uint8_t *)msg, msg_len, (uint8_t *)hash);
++#else
++    sha1((uint8_t *)msg, msg_len, (uint8_t *)hash);
++#endif
++
++    memcpy(auth, hash, SHA1_BYTES);
++
++    return 0;
++}
++
++int ss_aes_128_cbc(char *encrypt, char *out_data, char *key)
++{
++    unsigned char iv[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
++
++#if defined(USE_CRYPTO_OPENSSL)
++    AES_KEY aes;
++    AES_set_encrypt_key((unsigned char*)key, 128, &aes);
++    AES_cbc_encrypt((const unsigned char *)encrypt, (unsigned char *)out_data, 16, &aes, iv, AES_ENCRYPT);
++
++#elif defined(USE_CRYPTO_MBEDTLS)
++    mbedtls_aes_context aes;
++
++    unsigned char output[16];
++
++    mbedtls_aes_setkey_enc( &aes, (unsigned char *)key, 128 );
++    mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, 16, iv, (unsigned char *)encrypt, output );
++
++    memcpy(out_data, output, 16);
++#else
++
++    aes_context aes;
++
++    unsigned char output[16];
++
++    aes_setkey_enc( &aes, (unsigned char *)key, 128 );
++    aes_crypt_cbc( &aes, AES_ENCRYPT, 16, iv, (unsigned char *)encrypt, output );
++
++    memcpy(out_data, output, 16);
++#endif
++
++    return 0;
++}
++
++int ss_onetimeauth(buffer_t *buf, uint8_t *iv, size_t capacity)
++{
++    uint8_t hash[ONETIMEAUTH_BYTES * 2];
++    uint8_t auth_key[MAX_IV_LENGTH + MAX_KEY_LENGTH];
++    memcpy(auth_key, iv, enc_iv_len);
++    memcpy(auth_key + enc_iv_len, enc_key, enc_key_len);
++
++    brealloc(buf, ONETIMEAUTH_BYTES + buf->len, capacity);
++
++#if defined(USE_CRYPTO_OPENSSL)
++    HMAC(EVP_sha1(), auth_key, enc_iv_len + enc_key_len, (uint8_t *)buf->array, buf->len, (uint8_t *)hash, NULL);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    mbedtls_md_hmac(mbedtls_md_info_from_type(
++                        MBEDTLS_MD_SHA1), auth_key, enc_iv_len + enc_key_len, (uint8_t *)buf->array, buf->len,
++                    (uint8_t *)hash);
++#else
++    sha1_hmac(auth_key, enc_iv_len + enc_key_len, (uint8_t *)buf->array, buf->len, (uint8_t *)hash);
++#endif
++
++    memcpy(buf->array + buf->len, hash, ONETIMEAUTH_BYTES);
++    buf->len += ONETIMEAUTH_BYTES;
++
++    return 0;
++}
++
++int
++ss_onetimeauth_verify(buffer_t *buf, uint8_t *iv)
++{
++    uint8_t hash[ONETIMEAUTH_BYTES * 2];
++    uint8_t auth_key[MAX_IV_LENGTH + MAX_KEY_LENGTH];
++    memcpy(auth_key, iv, enc_iv_len);
++    memcpy(auth_key + enc_iv_len, enc_key, enc_key_len);
++    size_t len = buf->len - ONETIMEAUTH_BYTES;
++
++#if defined(USE_CRYPTO_OPENSSL)
++    HMAC(EVP_sha1(), auth_key, enc_iv_len + enc_key_len, (uint8_t *)buf->array, len, hash, NULL);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    mbedtls_md_hmac(mbedtls_md_info_from_type(
++                        MBEDTLS_MD_SHA1), auth_key, enc_iv_len + enc_key_len, (uint8_t *)buf->array, len, hash);
++#else
++    sha1_hmac(auth_key, enc_iv_len + enc_key_len, (uint8_t *)buf->array, len, hash);
++#endif
++
++    return safe_memcmp(buf->array + len, hash, ONETIMEAUTH_BYTES);
++}
++
++int
++ss_encrypt_all(buffer_t *plain, int method, int auth, size_t capacity)
++{
++    if (method > TABLE) {
++        cipher_ctx_t evp;
++        cipher_context_init(&evp, method, 1);
++
++        size_t iv_len = enc_iv_len;
++        int err       = 1;
++
++        static buffer_t tmp = { 0, 0, 0, NULL };
++        brealloc(&tmp, iv_len + plain->len, capacity);
++        buffer_t *cipher = &tmp;
++        cipher->len = plain->len;
++
++        uint8_t iv[MAX_IV_LENGTH];
++
++        rand_bytes(iv, iv_len);
++        cipher_context_set_iv(&evp, iv, iv_len, 1);
++        memcpy(cipher->array, iv, iv_len);
++
++        if (auth) {
++            ss_onetimeauth(plain, iv, capacity);
++            cipher->len = plain->len;
++        }
++
++        if (method >= SALSA20) {
++            crypto_stream_xor_ic((uint8_t *)(cipher->array + iv_len),
++                                 (const uint8_t *)plain->array, (uint64_t)(plain->len),
++                                 (const uint8_t *)iv,
++                                 0, enc_key, method);
++        } else {
++            err = cipher_context_update(&evp, (uint8_t *)(cipher->array + iv_len),
++                                        &cipher->len, (const uint8_t *)plain->array,
++                                        plain->len);
++        }
++
++        if (!err) {
++            bfree(plain);
++            cipher_context_release(&evp);
++            return -1;
++        }
++
++#ifdef DEBUG
++        dump("PLAIN", plain->array, plain->len);
++        dump("CIPHER", cipher->array + iv_len, cipher->len);
++#endif
++
++        cipher_context_release(&evp);
++
++        brealloc(plain, iv_len + cipher->len, capacity);
++        memcpy(plain->array, cipher->array, iv_len + cipher->len);
++        plain->len = iv_len + cipher->len;
++
++        return 0;
++    } else {
++        char *begin = plain->array;
++        char *ptr   = plain->array;
++        while (ptr < begin + plain->len) {
++            *ptr = (char)enc_table[(uint8_t)*ptr];
++            ptr++;
++        }
++        return 0;
++    }
++}
++
++int
++ss_encrypt(buffer_t *plain, enc_ctx_t *ctx, size_t capacity)
++{
++    if (ctx != NULL) {
++        static buffer_t tmp = { 0, 0, 0, NULL };
++
++        int err       = 1;
++        size_t iv_len = 0;
++        if (!ctx->init) {
++            iv_len = enc_iv_len;
++        }
++
++        brealloc(&tmp, iv_len + plain->len, capacity);
++        buffer_t *cipher = &tmp;
++        cipher->len = plain->len;
++
++        if (!ctx->init) {
++            cipher_context_set_iv(&ctx->evp, ctx->evp.iv, iv_len, 1);
++            memcpy(cipher->array, ctx->evp.iv, iv_len);
++            ctx->counter = 0;
++            ctx->init    = 1;
++        }
++
++        if (enc_method >= SALSA20) {
++            int padding = ctx->counter % SODIUM_BLOCK_SIZE;
++            brealloc(cipher, iv_len + (padding + cipher->len) * 2, capacity);
++            if (padding) {
++                brealloc(plain, plain->len + padding, capacity);
++                memmove(plain->array + padding, plain->array, plain->len);
++                sodium_memzero(plain->array, padding);
++            }
++            crypto_stream_xor_ic((uint8_t *)(cipher->array + iv_len),
++                                 (const uint8_t *)plain->array,
++                                 (uint64_t)(plain->len + padding),
++                                 (const uint8_t *)ctx->evp.iv,
++                                 ctx->counter / SODIUM_BLOCK_SIZE, enc_key,
++                                 enc_method);
++            ctx->counter += plain->len;
++            if (padding) {
++                memmove(cipher->array + iv_len,
++                        cipher->array + iv_len + padding, cipher->len);
++            }
++        } else {
++            err =
++                cipher_context_update(&ctx->evp,
++                                      (uint8_t *)(cipher->array + iv_len),
++                                      &cipher->len, (const uint8_t *)plain->array,
++                                      plain->len);
++            if (!err) {
++                return -1;
++            }
++        }
++
++#ifdef DEBUG
++        dump("PLAIN", plain->array, plain->len);
++        dump("CIPHER", cipher->array + iv_len, cipher->len);
++#endif
++
++        brealloc(plain, iv_len + cipher->len, capacity);
++        memcpy(plain->array, cipher->array, iv_len + cipher->len);
++        plain->len = iv_len + cipher->len;
++
++        return 0;
++    } else {
++        char *begin = plain->array;
++        char *ptr   = plain->array;
++        while (ptr < begin + plain->len) {
++            *ptr = (char)enc_table[(uint8_t)*ptr];
++            ptr++;
++        }
++        return 0;
++    }
++}
++
++int
++ss_decrypt_all(buffer_t *cipher, int method, int auth, size_t capacity)
++{
++    if (method > TABLE) {
++        size_t iv_len = enc_iv_len;
++        int ret       = 1;
++
++        if (cipher->len <= iv_len) {
++            return -1;
++        }
++
++        cipher_ctx_t evp;
++        cipher_context_init(&evp, method, 0);
++
++        static buffer_t tmp = { 0, 0, 0, NULL };
++        brealloc(&tmp, cipher->len, capacity);
++        buffer_t *plain = &tmp;
++        plain->len = cipher->len - iv_len;
++
++        uint8_t iv[MAX_IV_LENGTH];
++        memcpy(iv, cipher->array, iv_len);
++        cipher_context_set_iv(&evp, iv, iv_len, 0);
++
++        if (method >= SALSA20) {
++            crypto_stream_xor_ic((uint8_t *)plain->array,
++                                 (const uint8_t *)(cipher->array + iv_len),
++                                 (uint64_t)(cipher->len - iv_len),
++                                 (const uint8_t *)iv, 0, enc_key, method);
++        } else {
++            ret = cipher_context_update(&evp, (uint8_t *)plain->array, &plain->len,
++                                        (const uint8_t *)(cipher->array + iv_len),
++                                        cipher->len - iv_len);
++        }
++
++        if (auth || (plain->array[0] & ONETIMEAUTH_FLAG)) {
++            if (plain->len > ONETIMEAUTH_BYTES) {
++                ret = !ss_onetimeauth_verify(plain, iv);
++                if (ret) {
++                    plain->len -= ONETIMEAUTH_BYTES;
++                }
++            } else {
++                ret = 0;
++            }
++        }
++
++        if (!ret) {
++            bfree(cipher);
++            cipher_context_release(&evp);
++            return -1;
++        }
++
++#ifdef DEBUG
++        dump("PLAIN", plain->array, plain->len);
++        dump("CIPHER", cipher->array + iv_len, cipher->len - iv_len);
++#endif
++
++        cipher_context_release(&evp);
++
++        brealloc(cipher, plain->len, capacity);
++        memcpy(cipher->array, plain->array, plain->len);
++        cipher->len = plain->len;
++
++        return 0;
++    } else {
++        char *begin = cipher->array;
++        char *ptr   = cipher->array;
++        while (ptr < begin + cipher->len) {
++            *ptr = (char)dec_table[(uint8_t)*ptr];
++            ptr++;
++        }
++        return 0;
++    }
++}
++
++int
++ss_decrypt(buffer_t *cipher, enc_ctx_t *ctx, size_t capacity)
++{
++    if (ctx != NULL) {
++        static buffer_t tmp = { 0, 0, 0, NULL };
++
++        size_t iv_len = 0;
++        int err       = 1;
++
++        brealloc(&tmp, cipher->len, capacity);
++        buffer_t *plain = &tmp;
++        plain->len = cipher->len;
++
++        if (!ctx->init) {
++            uint8_t iv[MAX_IV_LENGTH];
++            iv_len      = enc_iv_len;
++            plain->len -= iv_len;
++
++            memcpy(iv, cipher->array, iv_len);
++            cipher_context_set_iv(&ctx->evp, iv, iv_len, 0);
++            ctx->counter = 0;
++            ctx->init    = 1;
++
++            if (enc_method > RC4) {
++                if (cache_key_exist(iv_cache, (char *)iv, iv_len)) {
++                    bfree(cipher);
++                    return -1;
++                } else {
++                    cache_insert(iv_cache, (char *)iv, iv_len, NULL);
++                }
++            }
++        }
++
++        if (enc_method >= SALSA20) {
++            int padding = ctx->counter % SODIUM_BLOCK_SIZE;
++            brealloc(plain, (plain->len + padding) * 2, capacity);
++
++            if (padding) {
++                brealloc(cipher, cipher->len + padding, capacity);
++                memmove(cipher->array + iv_len + padding, cipher->array + iv_len,
++                        cipher->len - iv_len);
++                sodium_memzero(cipher->array + iv_len, padding);
++            }
++            crypto_stream_xor_ic((uint8_t *)plain->array,
++                                 (const uint8_t *)(cipher->array + iv_len),
++                                 (uint64_t)(cipher->len - iv_len + padding),
++                                 (const uint8_t *)ctx->evp.iv,
++                                 ctx->counter / SODIUM_BLOCK_SIZE, enc_key,
++                                 enc_method);
++            ctx->counter += cipher->len - iv_len;
++            if (padding) {
++                memmove(plain->array, plain->array + padding, plain->len);
++            }
++        } else {
++            err = cipher_context_update(&ctx->evp, (uint8_t *)plain->array, &plain->len,
++                                        (const uint8_t *)(cipher->array + iv_len),
++                                        cipher->len - iv_len);
++        }
++
++        if (!err) {
++            bfree(cipher);
++            return -1;
++        }
++
++#ifdef DEBUG
++        dump("PLAIN", plain->array, plain->len);
++        dump("CIPHER", cipher->array + iv_len, cipher->len - iv_len);
++#endif
++
++        brealloc(cipher, plain->len, capacity);
++        memcpy(cipher->array, plain->array, plain->len);
++        cipher->len = plain->len;
++
++        return 0;
++    } else {
++        char *begin = cipher->array;
++        char *ptr   = cipher->array;
++        while (ptr < begin + cipher->len) {
++            *ptr = (char)dec_table[(uint8_t)*ptr];
++            ptr++;
++        }
++        return 0;
++    }
++}
++
++void
++enc_ctx_init(int method, enc_ctx_t *ctx, int enc)
++{
++    sodium_memzero(ctx, sizeof(enc_ctx_t));
++    cipher_context_init(&ctx->evp, method, enc);
++
++    if (enc) {
++        rand_bytes(ctx->evp.iv, enc_iv_len);
++    }
++}
++
++void
++enc_key_init(int method, const char *pass)
++{
++    if (method <= TABLE || method >= CIPHER_NUM) {
++        LOGE("enc_key_init(): Illegal method");
++        return;
++    }
++
++    // Initialize cache
++    cache_create(&iv_cache, 256, NULL);
++
++#if defined(USE_CRYPTO_OPENSSL)
++    OpenSSL_add_all_algorithms();
++#else
++    cipher_kt_t cipher_info;
++#endif
++
++    cipher_t cipher;
++    memset(&cipher, 0, sizeof(cipher_t));
++
++    // Initialize sodium for random generator
++    if (sodium_init() == -1) {
++        FATAL("Failed to initialize sodium");
++    }
++
++    if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
++#if defined(USE_CRYPTO_OPENSSL)
++        cipher.info    = NULL;
++        cipher.key_len = supported_ciphers_key_size[method];
++        cipher.iv_len  = supported_ciphers_iv_size[method];
++#endif
++#if defined(USE_CRYPTO_POLARSSL)
++        cipher.info             = &cipher_info;
++        cipher.info->base       = NULL;
++        cipher.info->key_length = supported_ciphers_key_size[method] * 8;
++        cipher.info->iv_size    = supported_ciphers_iv_size[method];
++#endif
++#if defined(USE_CRYPTO_MBEDTLS)
++        // XXX: key_length changed to key_bitlen in mbed TLS 2.0.0
++        cipher.info             = &cipher_info;
++        cipher.info->base       = NULL;
++        cipher.info->key_bitlen = supported_ciphers_key_size[method] * 8;
++        cipher.info->iv_size    = supported_ciphers_iv_size[method];
++#endif
++    } else {
++        cipher.info = (cipher_kt_t *)get_cipher_type(method);
++    }
++
++    if (cipher.info == NULL && cipher.key_len == 0) {
++        do {
++#if defined(USE_CRYPTO_POLARSSL) && defined(USE_CRYPTO_APPLECC)
++            if (supported_ciphers_applecc[method] != kCCAlgorithmInvalid) {
++                cipher_info.base       = NULL;
++                cipher_info.key_length = supported_ciphers_key_size[method] * 8;
++                cipher_info.iv_size    = supported_ciphers_iv_size[method];
++                cipher.info            = (cipher_kt_t *)&cipher_info;
++                break;
++            }
++#endif
++#if defined(USE_CRYPTO_MBEDTLS) && defined(USE_CRYPTO_APPLECC)
++            // XXX: key_length changed to key_bitlen in mbed TLS 2.0.0
++            if (supported_ciphers_applecc[method] != kCCAlgorithmInvalid) {
++                cipher_info.base       = NULL;
++                cipher_info.key_bitlen = supported_ciphers_key_size[method] * 8;
++                cipher_info.iv_size    = supported_ciphers_iv_size[method];
++                cipher.info            = (cipher_kt_t *)&cipher_info;
++                break;
++            }
++#endif
++            LOGE("Cipher %s not found in crypto library", supported_ciphers[method]);
++            FATAL("Cannot initialize cipher");
++        } while (0);
++    }
++
++    const digest_type_t *md = get_digest_type("MD5");
++    if (md == NULL) {
++        FATAL("MD5 Digest not found in crypto library");
++    }
++
++    enc_key_len = bytes_to_key(&cipher, md, (const uint8_t *)pass, enc_key);
++
++    if (enc_key_len == 0) {
++        FATAL("Cannot generate key and IV");
++    }
++    if (method == RC4_MD5 || method == RC4_MD5_6) {
++        enc_iv_len = supported_ciphers_iv_size[method];
++    } else {
++        enc_iv_len = cipher_iv_size(&cipher);
++    }
++    enc_method = method;
++}
++
++int
++enc_init(const char *pass, const char *method)
++{
++    int m = TABLE;
++    if (method != NULL) {
++        for (m = TABLE; m < CIPHER_NUM; m++)
++            if (strcmp(method, supported_ciphers[m]) == 0) {
++                break;
++            }
++        if (m >= CIPHER_NUM) {
++            LOGE("Invalid cipher name: %s, use rc4-md5 instead", method);
++            m = RC4_MD5;
++        }
++    }
++    if (m == TABLE) {
++        enc_table_init(pass);
++    } else {
++        enc_key_init(m, pass);
++    }
++    return m;
++}
++
++int
++ss_check_hash(buffer_t *buf, chunk_t *chunk, enc_ctx_t *ctx, size_t capacity)
++{
++    int i, j, k;
++    ssize_t blen  = buf->len;
++    uint32_t cidx = chunk->idx;
++
++    brealloc(chunk->buf, chunk->len + blen, capacity);
++    brealloc(buf, chunk->len + blen, capacity);
++
++    for (i = 0, j = 0, k = 0; i < blen; i++) {
++        chunk->buf->array[cidx++] = buf->array[k++];
++
++        if (cidx == CLEN_BYTES) {
++            uint16_t clen = ntohs(*((uint16_t *)chunk->buf->array));
++            brealloc(chunk->buf, clen + AUTH_BYTES, capacity);
++            chunk->len = clen;
++        }
++
++        if (cidx == chunk->len + AUTH_BYTES) {
++            // Compare hash
++            uint8_t hash[ONETIMEAUTH_BYTES * 2];
++            uint8_t key[MAX_IV_LENGTH + sizeof(uint32_t)];
++
++            uint32_t c = htonl(chunk->counter);
++            memcpy(key, ctx->evp.iv, enc_iv_len);
++            memcpy(key + enc_iv_len, &c, sizeof(uint32_t));
++#if defined(USE_CRYPTO_OPENSSL)
++            HMAC(EVP_sha1(), key, enc_iv_len + sizeof(uint32_t),
++                 (uint8_t *)chunk->buf->array + AUTH_BYTES, chunk->len, hash, NULL);
++#elif defined(USE_CRYPTO_MBEDTLS)
++            mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), key, enc_iv_len + sizeof(uint32_t),
++                            (uint8_t *)chunk->buf->array + AUTH_BYTES, chunk->len, hash);
++#else
++            sha1_hmac(key, enc_iv_len + sizeof(uint32_t),
++                      (uint8_t *)chunk->buf->array + AUTH_BYTES, chunk->len, hash);
++#endif
++
++            if (safe_memcmp(hash, chunk->buf->array + CLEN_BYTES, ONETIMEAUTH_BYTES) != 0) {
++                return 0;
++            }
++
++            // Copy chunk back to buffer
++            memmove(buf->array + j + chunk->len, buf->array + k, blen - i - 1);
++            memcpy(buf->array + j, chunk->buf->array + AUTH_BYTES, chunk->len);
++
++            // Reset the base offset
++            j   += chunk->len;
++            k    = j;
++            cidx = 0;
++            chunk->counter++;
++        }
++    }
++
++    buf->len   = j;
++    chunk->idx = cidx;
++    return 1;
++}
++
++int
++ss_gen_hash(buffer_t *buf, uint32_t *counter, enc_ctx_t *ctx, size_t capacity)
++{
++    ssize_t blen       = buf->len;
++    uint16_t chunk_len = htons((uint16_t)blen);
++    uint8_t hash[ONETIMEAUTH_BYTES * 2];
++    uint8_t key[MAX_IV_LENGTH + sizeof(uint32_t)];
++    uint32_t c = htonl(*counter);
++
++    brealloc(buf, AUTH_BYTES + blen, capacity);
++    memcpy(key, ctx->evp.iv, enc_iv_len);
++    memcpy(key + enc_iv_len, &c, sizeof(uint32_t));
++#if defined(USE_CRYPTO_OPENSSL)
++    HMAC(EVP_sha1(), key, enc_iv_len + sizeof(uint32_t), (uint8_t *)buf->array, blen, hash, NULL);
++#elif defined(USE_CRYPTO_MBEDTLS)
++    mbedtls_md_hmac(mbedtls_md_info_from_type(
++                        MBEDTLS_MD_SHA1), key, enc_iv_len + sizeof(uint32_t), (uint8_t *)buf->array, blen, hash);
++#else
++    sha1_hmac(key, enc_iv_len + sizeof(uint32_t), (uint8_t *)buf->array, blen, hash);
++#endif
++
++    memmove(buf->array + AUTH_BYTES, buf->array, blen);
++    memcpy(buf->array + CLEN_BYTES, hash, ONETIMEAUTH_BYTES);
++    memcpy(buf->array, &chunk_len, CLEN_BYTES);
++
++    *counter = *counter + 1;
++    buf->len = blen + AUTH_BYTES;
++
++    return 0;
++}
+diff --git a/server/encrypt.h b/server/encrypt.h
+new file mode 100644
+index 0000000..3bb7940
+--- /dev/null
++++ b/server/encrypt.h
+@@ -0,0 +1,222 @@
++/*
++ * encrypt.h - Define the enryptor's interface
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#ifndef _ENCRYPT_H
++#define _ENCRYPT_H
++
++#ifndef __MINGW32__
++#include <sys/socket.h>
++#else
++
++#ifdef max
++#undef max
++#endif
++
++#ifdef min
++#undef min
++#endif
++
++#endif
++
++#include <string.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <stdint.h>
++
++#if defined(USE_CRYPTO_OPENSSL)
++
++#include <openssl/evp.h>
++#include <openssl/sha.h>
++#include <openssl/md5.h>
++typedef EVP_CIPHER cipher_kt_t;
++typedef EVP_CIPHER_CTX cipher_evp_t;
++typedef EVP_MD digest_type_t;
++#define MAX_KEY_LENGTH EVP_MAX_KEY_LENGTH
++#define MAX_IV_LENGTH EVP_MAX_IV_LENGTH
++#define MAX_MD_SIZE EVP_MAX_MD_SIZE
++
++#elif defined(USE_CRYPTO_POLARSSL)
++
++#include <polarssl/cipher.h>
++#include <polarssl/md.h>
++typedef cipher_info_t cipher_kt_t;
++typedef cipher_context_t cipher_evp_t;
++typedef md_info_t digest_type_t;
++#define MAX_KEY_LENGTH 64
++#define MAX_IV_LENGTH POLARSSL_MAX_IV_LENGTH
++#define MAX_MD_SIZE POLARSSL_MD_MAX_SIZE
++
++#elif defined(USE_CRYPTO_MBEDTLS)
++
++#include <mbedtls/cipher.h>
++#include <mbedtls/md.h>
++typedef mbedtls_cipher_info_t cipher_kt_t;
++typedef mbedtls_cipher_context_t cipher_evp_t;
++typedef mbedtls_md_info_t digest_type_t;
++#define MAX_KEY_LENGTH 64
++#define MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH
++#define MAX_MD_SIZE MBEDTLS_MD_MAX_SIZE
++
++/* we must have MBEDTLS_CIPHER_MODE_CFB defined */
++#if !defined(MBEDTLS_CIPHER_MODE_CFB)
++#error Cipher Feedback mode a.k.a CFB not supported by your mbed TLS.
++#endif
++
++#endif
++
++#ifdef USE_CRYPTO_APPLECC
++
++#include <CommonCrypto/CommonCrypto.h>
++
++#define kCCAlgorithmInvalid UINT32_MAX
++#define kCCContextValid 0
++#define kCCContextInvalid -1
++
++typedef struct {
++    CCCryptorRef cryptor;
++    int valid;
++    CCOperation encrypt;
++    CCAlgorithm cipher;
++    CCMode mode;
++    CCPadding padding;
++    uint8_t iv[MAX_IV_LENGTH];
++    uint8_t key[MAX_KEY_LENGTH];
++    size_t iv_len;
++    size_t key_len;
++} cipher_cc_t;
++
++#endif
++
++typedef struct {
++    cipher_evp_t *evp;
++#ifdef USE_CRYPTO_APPLECC
++    cipher_cc_t cc;
++#endif
++    uint8_t iv[MAX_IV_LENGTH];
++} cipher_ctx_t;
++
++typedef struct {
++    cipher_kt_t *info;
++    size_t iv_len;
++    size_t key_len;
++} cipher_t;
++
++#ifdef HAVE_STDINT_H
++#include <stdint.h>
++#elif HAVE_INTTYPES_H
++#include <inttypes.h>
++#endif
++
++#define SODIUM_BLOCK_SIZE   64
++
++enum crpher_index {
++    NONE = -1,
++    TABLE = 0,
++    RC4,
++    RC4_MD5_6,
++    RC4_MD5,
++    AES_128_CFB,
++    AES_192_CFB,
++    AES_256_CFB,
++    AES_128_CTR,
++    AES_192_CTR,
++    AES_256_CTR,
++    BF_CFB,
++    CAMELLIA_128_CFB,
++    CAMELLIA_192_CFB,
++    CAMELLIA_256_CFB,
++    CAST5_CFB,
++    DES_CFB,
++    IDEA_CFB,
++    RC2_CFB,
++    SEED_CFB,
++    SALSA20,
++    CHACHA20,
++    CHACHA20IETF,
++    CIPHER_NUM,
++};
++
++#define ONETIMEAUTH_FLAG 0x10
++#define ADDRTYPE_MASK 0xEF
++
++#define ONETIMEAUTH_BYTES 10U
++#define MD5_BYTES 16U
++#define SHA1_BYTES 20U
++#define CLEN_BYTES 2U
++#define AUTH_BYTES (ONETIMEAUTH_BYTES + CLEN_BYTES)
++
++#define min(a, b) (((a) < (b)) ? (a) : (b))
++#define max(a, b) (((a) > (b)) ? (a) : (b))
++
++typedef struct buffer {
++    size_t idx;
++    size_t len;
++    size_t capacity;
++    char   *array;
++} buffer_t;
++
++typedef struct chunk {
++    uint32_t idx;
++    uint32_t len;
++    uint32_t counter;
++    buffer_t *buf;
++} chunk_t;
++
++typedef struct enc_ctx {
++    uint8_t init;
++    uint64_t counter;
++    cipher_ctx_t evp;
++} enc_ctx_t;
++
++void bytes_to_key_with_size(const char *pass, size_t len, uint8_t *md, size_t md_size);
++
++int ss_encrypt_all(buffer_t *plaintext, int method, int auth, size_t capacity);
++int ss_decrypt_all(buffer_t *ciphertext, int method, int auth, size_t capacity);
++int ss_encrypt(buffer_t *plaintext, enc_ctx_t *ctx, size_t capacity);
++int ss_decrypt(buffer_t *ciphertext, enc_ctx_t *ctx, size_t capacity);
++
++void enc_ctx_init(int method, enc_ctx_t *ctx, int enc);
++int enc_init(const char *pass, const char *method);
++int enc_get_iv_len(void);
++uint8_t* enc_get_key(void);
++int enc_get_key_len(void);
++void cipher_context_release(cipher_ctx_t *evp);
++unsigned char *enc_md5(const unsigned char *d, size_t n, unsigned char *md);
++
++int ss_md5_hmac(char *auth, char *msg, int msg_len, uint8_t *iv);
++int ss_md5_hmac_with_key(char *auth, char *msg, int msg_len, uint8_t *auth_key, int key_len);
++int ss_md5_hash_func(char *auth, char *msg, int msg_len);
++int ss_sha1_hmac(char *auth, char *msg, int msg_len, uint8_t *iv);
++int ss_sha1_hmac_with_key(char *auth, char *msg, int msg_len, uint8_t *auth_key, int key_len);
++int ss_sha1_hash_func(char *auth, char *msg, int msg_len);
++int ss_aes_128_cbc(char *encrypt, char *out_data, char *key);
++int ss_onetimeauth(buffer_t *buf, uint8_t *iv, size_t capacity);
++int ss_onetimeauth_verify(buffer_t *buf, uint8_t *iv);
++
++int ss_check_hash(buffer_t *buf, chunk_t *chunk, enc_ctx_t *ctx, size_t capacity);
++int ss_gen_hash(buffer_t *buf, uint32_t *counter, enc_ctx_t *ctx, size_t capacity);
++
++int balloc(buffer_t *ptr, size_t capacity);
++int brealloc(buffer_t *ptr, size_t len, size_t capacity);
++void bfree(buffer_t *ptr);
++
++#endif // _ENCRYPT_H
+diff --git a/server/http.c b/server/http.c
+new file mode 100644
+index 0000000..3bd4a32
+--- /dev/null
++++ b/server/http.c
+@@ -0,0 +1,152 @@
++/*
++ * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright notice,
++ *    this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <stdio.h>
++#include <stdlib.h> /* malloc() */
++#include <string.h> /* strncpy() */
++#include <strings.h> /* strncasecmp() */
++#include <ctype.h> /* isblank() */
++
++#include "http.h"
++#include "protocol.h"
++
++#define SERVER_NAME_LEN 256
++
++static int parse_http_header(const char *, size_t, char **);
++static int get_header(const char *, const char *, int, char **);
++static int next_header(const char **, int *);
++
++static const protocol_t http_protocol_st = {
++    .default_port =                 80,
++    .parse_packet = &parse_http_header,
++};
++const protocol_t *const http_protocol = &http_protocol_st;
++
++/*
++ * Parses a HTTP request for the Host: header
++ *
++ * Returns:
++ *  >=0  - length of the hostname and updates *hostname
++ *         caller is responsible for freeing *hostname
++ *  -1   - Incomplete request
++ *  -2   - No Host header included in this request
++ *  -3   - Invalid hostname pointer
++ *  -4   - malloc failure
++ *  < -4 - Invalid HTTP request
++ *
++ */
++static int
++parse_http_header(const char *data, size_t data_len, char **hostname)
++{
++    int result, i;
++
++    if (hostname == NULL)
++        return -3;
++
++    if (data_len == 0)
++        return -1;
++
++    result = get_header("Host:", data, data_len, hostname);
++    if (result < 0)
++        return result;
++
++    /*
++     *  if the user specifies the port in the request, it is included here.
++     *  Host: example.com:80
++     *  so we trim off port portion
++     */
++    for (i = result - 1; i >= 0; i--)
++        if ((*hostname)[i] == ':') {
++            (*hostname)[i] = '\0';
++            result         = i;
++            break;
++        }
++
++    return result;
++}
++
++static int
++get_header(const char *header, const char *data, int data_len, char **value)
++{
++    int len, header_len;
++
++    header_len = strlen(header);
++
++    /* loop through headers stopping at first blank line */
++    while ((len = next_header(&data, &data_len)) != 0)
++        if (len > header_len && strncasecmp(header, data, header_len) == 0) {
++            /* Eat leading whitespace */
++            while (header_len < len && isblank(data[header_len]))
++                header_len++;
++
++            *value = malloc(len - header_len + 1);
++            if (*value == NULL)
++                return -4;
++
++            strncpy(*value, data + header_len, len - header_len);
++            (*value)[len - header_len] = '\0';
++
++            return len - header_len;
++        }
++
++    /* If there is no data left after reading all the headers then we do not
++     * have a complete HTTP request, there must be a blank line */
++    if (data_len == 0)
++        return -1;
++
++    return -2;
++}
++
++static int
++next_header(const char **data, int *len)
++{
++    int header_len;
++
++    /* perhaps we can optimize this to reuse the value of header_len, rather
++     * than scanning twice.
++     * Walk our data stream until the end of the header */
++    while (*len > 2 && (*data)[0] != '\r' && (*data)[1] != '\n') {
++        (*len)--;
++        (*data)++;
++    }
++
++    /* advanced past the <CR><LF> pair */
++    *data += 2;
++    *len  -= 2;
++
++    /* Find the length of the next header */
++    header_len = 0;
++    while (*len > header_len + 1
++           && (*data)[header_len] != '\r'
++           && (*data)[header_len + 1] != '\n')
++        header_len++;
++
++    return header_len;
++}
+diff --git a/server/http.h b/server/http.h
+new file mode 100644
+index 0000000..914815a
+--- /dev/null
++++ b/server/http.h
+@@ -0,0 +1,34 @@
++/*
++ * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright notice,
++ *    this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ */
++#ifndef HTTP_H
++#define HTTP_H
++
++#include <stdio.h>
++#include "protocol.h"
++
++const protocol_t *const http_protocol;
++
++#endif
+diff --git a/server/http_simple.c b/server/http_simple.c
+new file mode 100644
+index 0000000..c1e34ee
+--- /dev/null
++++ b/server/http_simple.c
+@@ -0,0 +1,625 @@
++
++#include "http_simple.h"
++
++static char* g_useragent[] = {
++    "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0",
++    "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/44.0",
++    "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
++    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/27.0.1453.93 Chrome/27.0.1453.93 Safari/537.36",
++    "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0",
++    "Mozilla/5.0 (compatible; WOW64; MSIE 10.0; Windows NT 6.2)",
++    "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27",
++    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C)",
++    "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
++    "Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/BuildID) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36",
++    "Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
++    "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
++};
++
++static int g_useragent_index = -1;
++
++typedef struct http_simple_local_data {
++    int has_sent_header;
++    int has_recv_header;
++    char *encode_buffer;
++    int host_matched;
++    char *recv_buffer;
++    int recv_buffer_size;
++}http_simple_local_data;
++
++void http_simple_local_data_init(http_simple_local_data* local) {
++    local->has_sent_header = 0;
++    local->has_recv_header = 0;
++    local->encode_buffer = NULL;
++
++    local->recv_buffer = malloc(0);
++    local->recv_buffer_size = 0;
++
++    local->host_matched = 0;
++
++    if (g_useragent_index == -1) {
++        g_useragent_index = xorshift128plus() % (sizeof(g_useragent) / sizeof(*g_useragent));
++    }
++}
++
++obfs * http_simple_new_obfs() {
++    obfs * self = new_obfs();
++    self->l_data = malloc(sizeof(http_simple_local_data));
++    http_simple_local_data_init((http_simple_local_data*)self->l_data);
++    return self;
++}
++
++void http_simple_dispose(obfs *self) {
++    http_simple_local_data *local = (http_simple_local_data*)self->l_data;
++    if (local->encode_buffer != NULL) {
++        free(local->encode_buffer);
++        local->encode_buffer = NULL;
++    }
++    free(local);
++    dispose_obfs(self);
++}
++
++char http_simple_hex(char c) {
++    if (c < 10) return c + '0';
++    return c - 10 + 'a';
++}
++
++int get_data_from_http_header(char *data, char **outdata) {
++    char *delim = "\r\n";
++    char *delim_hex = "%";
++    int outlength = 0;
++
++    char *buf = *outdata;
++    char *p_line;
++    p_line = strtok(data, delim);
++
++    //while(p_line)
++    {
++        char *p_hex;
++
++        p_hex = strtok(p_line, delim_hex);
++
++        while((p_hex = strtok(NULL, delim_hex)))
++        {
++            char hex = 0;
++
++            if(strlen(p_hex) <= 0)
++            {
++                continue;
++            }
++
++            if(strlen(p_hex) > 2)
++            {
++                char *c_hex = (char*)malloc(2);
++                memcpy(c_hex, p_hex, 2);
++                hex = (char)strtol(c_hex, NULL, 16);
++                free(c_hex);
++            }
++            else
++            {
++                hex = (char)strtol(p_hex, NULL, 16);
++            }
++
++            outlength += 1;
++            buf = (char*)realloc(buf, outlength);
++            buf[outlength - 1] = hex;
++        }
++
++        //p_line = strtok(p_line, delim);
++    }
++    return outlength;
++}
++
++void get_host_from_http_header(char *data, char **host) {
++    char* data_begin = strstr(data, "Host: ");
++
++    if(data_begin == NULL)
++    {
++        return;
++    }
++
++    data_begin += 6;
++    char* data_end = strstr(data_begin, "\r\n");
++    char* data_end_port = strstr(data_begin, ":");
++
++    int host_length = 0;
++
++    if(data_end_port != NULL)
++    {
++        host_length = data_end_port - data_begin;
++    }
++    else
++    {
++        host_length = data_end - data_begin;
++    }
++
++    if(host_length <= 0)
++    {
++        return;
++    }
++
++    memset(*host, 0x00, 1024);
++    memcpy(*host, data_begin, host_length);
++}
++
++void http_simple_encode_head(http_simple_local_data *local, char *data, int datalength) {
++    if (local->encode_buffer == NULL) {
++        local->encode_buffer = (char*)malloc(datalength * 3 + 1);
++    }
++    int pos = 0;
++    for (; pos < datalength; ++pos) {
++        local->encode_buffer[pos * 3] = '%';
++        local->encode_buffer[pos * 3 + 1] = http_simple_hex(((unsigned char)data[pos] >> 4));
++        local->encode_buffer[pos * 3 + 2] = http_simple_hex(data[pos] & 0xF);
++    }
++    local->encode_buffer[pos * 3] = 0;
++}
++
++int http_simple_client_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity) {
++    char *encryptdata = *pencryptdata;
++    http_simple_local_data *local = (http_simple_local_data*)self->l_data;
++    if (local->has_sent_header) {
++        return datalength;
++    }
++    char hosts[1024];
++    char * phost[128];
++    int host_num = 0;
++    int pos;
++    char hostport[128];
++    int head_size = self->server.head_len + (xorshift128plus() & 0x3F);
++    int outlength;
++    char * out_buffer = (char*)malloc(datalength + 2048);
++    char * body_buffer = NULL;
++    if (head_size > datalength)
++        head_size = datalength;
++    http_simple_encode_head(local, encryptdata, head_size);
++    if (self->server.param && strlen(self->server.param) == 0)
++        self->server.param = NULL;
++    strncpy(hosts, self->server.param ? self->server.param : self->server.host, sizeof hosts);
++    phost[host_num++] = hosts;
++    for (pos = 0; hosts[pos]; ++pos) {
++        if (hosts[pos] == ',') {
++            phost[host_num++] = &hosts[pos + 1];
++            hosts[pos] = 0;
++        } else if (hosts[pos] == '#') {
++            char * body_pointer = &hosts[pos + 1];
++            char * p;
++            int trans_char = 0;
++            p = body_buffer = (char*)malloc(2048);
++            for ( ; *body_pointer; ++body_pointer) {
++                if (*body_pointer == '\\') {
++                    trans_char = 1;
++                    continue;
++                } else if (*body_pointer == '\n') {
++                    *p = '\r';
++                    *++p = '\n';
++                    continue;
++                }
++                if (trans_char) {
++                    if (*body_pointer == '\\' ) {
++                        *p = '\\';
++                    } else if (*body_pointer == 'n' ) {
++                        *p = '\r';
++                        *++p = '\n';
++                    } else {
++                        *p = '\\';
++                        *p = *body_pointer;
++                    }
++                    trans_char = 0;
++                } else {
++                    *p = *body_pointer;
++                }
++                ++p;
++            }
++            *p = 0;
++            hosts[pos] = 0;
++            break;
++        }
++    }
++    host_num = xorshift128plus() % host_num;
++    if (self->server.port == 80)
++        sprintf(hostport, "%s", phost[host_num]);
++    else
++        sprintf(hostport, "%s:%d", phost[host_num], self->server.port);
++    if (body_buffer) {
++        sprintf(out_buffer,
++            "GET /%s HTTP/1.1\r\n"
++            "Host: %s\r\n"
++            "%s\r\n\r\n",
++            local->encode_buffer,
++            hostport,
++            body_buffer);
++    } else {
++        sprintf(out_buffer,
++            "GET /%s HTTP/1.1\r\n"
++            "Host: %s\r\n"
++            "User-Agent: %s\r\n"
++            "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
++            "Accept-Language: en-US,en;q=0.8\r\n"
++            "Accept-Encoding: gzip, deflate\r\n"
++            "DNT: 1\r\n"
++            "Connection: keep-alive\r\n"
++            "\r\n",
++            local->encode_buffer,
++            hostport,
++            g_useragent[g_useragent_index]
++            );
++    }
++    //LOGI("http header: %s", out_buffer);
++    outlength = strlen(out_buffer);
++    memmove(out_buffer + outlength, encryptdata + head_size, datalength - head_size);
++    outlength += datalength - head_size;
++    local->has_sent_header = 1;
++    if (*capacity < outlength) {
++        *pencryptdata = (char*)realloc(*pencryptdata, *capacity = outlength * 2);
++        encryptdata = *pencryptdata;
++    }
++    memmove(encryptdata, out_buffer, outlength);
++    free(out_buffer);
++    if (body_buffer != NULL)
++        free(body_buffer);
++    if (local->encode_buffer != NULL) {
++        free(local->encode_buffer);
++        local->encode_buffer = NULL;
++    }
++    return outlength;
++}
++
++int http_simple_server_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity) {
++    char *encryptdata = *pencryptdata;
++    http_simple_local_data *local = (http_simple_local_data*)self->l_data;
++    if (local->has_sent_header) {
++        return datalength;
++    }
++    int outlength;
++    char * out_buffer = (char*)malloc(datalength + 2048);
++
++    time_t now;
++    struct tm *tm_now;
++    char    datetime[200];
++
++    time(&now);
++    tm_now = localtime(&now);
++    strftime(datetime, 200, "%a, %d %b %Y %H:%M:%S GMT", tm_now);
++
++    sprintf(out_buffer,
++        "HTTP/1.1 200 OK\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nContent-Type: text/html\r\nDate: "
++        "%s"
++        "\r\nServer: nginx\r\nVary: Accept-Encoding\r\n\r\n",
++        datetime);
++
++    outlength = strlen(out_buffer);
++    memmove(out_buffer + outlength, encryptdata, datalength);
++    outlength += datalength;
++
++    local->has_sent_header = 1;
++    if (*capacity < outlength) {
++        *pencryptdata = (char*)realloc(*pencryptdata, *capacity = outlength * 2);
++        encryptdata = *pencryptdata;
++    }
++    memmove(encryptdata, out_buffer, outlength);
++    free(out_buffer);
++    return outlength;
++}
++
++int http_simple_client_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback) {
++    char *encryptdata = *pencryptdata;
++    http_simple_local_data *local = (http_simple_local_data*)self->l_data;
++    *needsendback = 0;
++    if (local->has_recv_header) {
++        return datalength;
++    }
++    char* data_begin = strstr(encryptdata, "\r\n\r\n");
++    if (data_begin) {
++        int outlength;
++        data_begin += 4;
++        local->has_recv_header = 1;
++        outlength = datalength - (data_begin - encryptdata);
++        memmove(encryptdata, data_begin, outlength);
++        return outlength;
++    } else {
++        return 0;
++    }
++}
++
++int http_simple_server_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback) {
++    char *encryptdata = *pencryptdata;
++    http_simple_local_data *local = (http_simple_local_data*)self->l_data;
++    *needsendback = 0;
++    if (local->has_recv_header) {
++        return datalength;
++    }
++
++    if(datalength != 0)
++    {
++        local->recv_buffer = (char*)realloc(local->recv_buffer, local->recv_buffer_size + datalength);
++        memmove(local->recv_buffer + local->recv_buffer_size, encryptdata, datalength);
++        local->recv_buffer_size += datalength;
++
++        int outlength = local->recv_buffer_size;
++        if (*capacity < outlength) {
++            *pencryptdata = (char*)realloc(*pencryptdata, *capacity = outlength * 2);
++            encryptdata = *pencryptdata;
++        }
++        memcpy(encryptdata, local->recv_buffer, local->recv_buffer_size);
++    }
++
++    if(local->recv_buffer_size > 10)
++    {
++        if(strstr(local->recv_buffer, "GET /") == local->recv_buffer || strstr(local->recv_buffer, "POST /") == local->recv_buffer)
++        {
++            if(local->recv_buffer_size > 65536)
++            {
++                free(local->recv_buffer);
++                local->recv_buffer = malloc(0);
++                local->recv_buffer_size = 0;
++                local->has_sent_header = 1;
++                local->has_recv_header = 1;
++                LOGE("http_simple: over size");
++                return -1;
++            }
++        }
++        else
++        {
++            free(local->recv_buffer);
++            local->recv_buffer = malloc(0);
++            local->recv_buffer_size = 0;
++            local->has_sent_header = 1;
++            local->has_recv_header = 1;
++            LOGE("http_simple: not match begin");
++            return -1;
++        }
++    }
++    else
++    {
++        LOGE("http_simple: too short");
++        local->has_sent_header = 1;
++        local->has_recv_header = 1;
++        return -1;
++    }
++
++    char* data_begin = strstr(encryptdata, "\r\n\r\n");
++    if (data_begin) {
++        int outlength;
++        char *ret_buf = (char*)malloc(*capacity);
++        memset(ret_buf, 0x00, *capacity);
++        int ret_buf_len = 0;
++        ret_buf_len = get_data_from_http_header(encryptdata, &ret_buf);
++
++        if (self->server.param && strlen(self->server.param) == 0)
++        {
++            self->server.param = NULL;
++        }
++        else
++        {
++            if(local->host_matched == 0)
++            {
++                char *host = (char*)malloc(1024);
++                get_host_from_http_header(local->recv_buffer, &host);
++                char hosts[1024];
++                char * phost[128];
++                int host_num = 0;
++                int pos = 0;
++                int is_match = 0;
++                char * body_buffer = NULL;
++                strncpy(hosts, self->server.param, sizeof hosts);
++                phost[host_num++] = hosts;
++
++                for (pos = 0; hosts[pos]; ++pos) {
++                    if (hosts[pos] == ',') {
++                        phost[host_num++] = &hosts[pos + 1];
++                        hosts[pos] = 0;
++                    } else if (hosts[pos] == '#') {
++                        char * body_pointer = &hosts[pos + 1];
++                        char * p;
++                        int trans_char = 0;
++                        p = body_buffer = (char*)malloc(2048);
++                        for ( ; *body_pointer; ++body_pointer) {
++                            if (*body_pointer == '\\') {
++                                trans_char = 1;
++                                continue;
++                            } else if (*body_pointer == '\n') {
++                                *p = '\r';
++                                *++p = '\n';
++                                continue;
++                            }
++                            if (trans_char) {
++                                if (*body_pointer == '\\' ) {
++                                    *p = '\\';
++                                } else if (*body_pointer == 'n' ) {
++                                    *p = '\r';
++                                    *++p = '\n';
++                                } else {
++                                    *p = '\\';
++                                    *p = *body_pointer;
++                                }
++                                trans_char = 0;
++                            } else {
++                                *p = *body_pointer;
++                            }
++                            ++p;
++                        }
++                        *p = 0;
++                        hosts[pos] = 0;
++                        break;
++                    }
++                }
++
++
++                for(pos = 0; pos < host_num; pos++)
++                {
++                    if(strcmp(phost[pos], host) == 0)
++                    {
++                        is_match = 1;
++                        local->host_matched = 1;
++                    }
++                }
++
++                if(is_match == 0)
++                {
++                    free(local->recv_buffer);
++                    local->recv_buffer = malloc(0);
++                    local->recv_buffer_size = 0;
++                    local->has_sent_header = 1;
++                    local->has_recv_header = 1;
++                    LOGE("http_simple: not match host, host: %s", host);
++                    return -1;
++                }
++
++                free(host);
++            }
++        }
++
++        if(ret_buf_len <= 0)
++        {
++            return -1;
++        }
++
++        data_begin += 4;
++        local->has_recv_header = 1;
++
++        ret_buf = (char*)realloc(ret_buf, ret_buf_len + datalength - (data_begin - encryptdata));
++        outlength = ret_buf_len + datalength - (data_begin - encryptdata);
++
++        memcpy(ret_buf + ret_buf_len, data_begin, datalength - (data_begin - encryptdata));
++
++        if (*capacity < outlength) {
++            *pencryptdata = (char*)realloc(*pencryptdata, *capacity = outlength * 2);
++            encryptdata = *pencryptdata;
++        }
++
++        memcpy(encryptdata, ret_buf, outlength);
++        free(ret_buf);
++        return outlength;
++    } else {
++        return 0;
++    }
++}
++
++void boundary(char result[])
++{
++    char *str = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
++    int i,lstr;
++    char ss[3] = {0};
++    lstr = strlen(str);
++    srand((unsigned int)time((time_t *)NULL));
++    for(i = 0; i < 32; ++i)
++    {
++        sprintf(ss, "%c", str[(rand()%lstr)]);
++        strcat(result, ss);
++    }
++}
++
++int http_post_client_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity) {
++    char *encryptdata = *pencryptdata;
++    http_simple_local_data *local = (http_simple_local_data*)self->l_data;
++    if (local->has_sent_header) {
++        return datalength;
++    }
++    char hosts[1024];
++    char * phost[128];
++    int host_num = 0;
++    int pos;
++    char hostport[128];
++    int head_size = self->server.head_len + (xorshift128plus() & 0x3F);
++    int outlength;
++    char * out_buffer = (char*)malloc(datalength + 2048);
++    char * body_buffer = NULL;
++    if (head_size > datalength)
++        head_size = datalength;
++    http_simple_encode_head(local, encryptdata, head_size);
++    if (self->server.param && strlen(self->server.param) == 0)
++        self->server.param = NULL;
++    strncpy(hosts, self->server.param ? self->server.param : self->server.host, sizeof hosts);
++    phost[host_num++] = hosts;
++    for (pos = 0; hosts[pos]; ++pos) {
++        if (hosts[pos] == ',') {
++            phost[host_num++] = &hosts[pos + 1];
++            hosts[pos] = 0;
++        } else if (hosts[pos] == '#') {
++            char * body_pointer = &hosts[pos + 1];
++            char * p;
++            int trans_char = 0;
++            p = body_buffer = (char*)malloc(2048);
++            for ( ; *body_pointer; ++body_pointer) {
++                if (*body_pointer == '\\') {
++                    trans_char = 1;
++                    continue;
++                } else if (*body_pointer == '\n') {
++                    *p = '\r';
++                    *++p = '\n';
++                    continue;
++                }
++                if (trans_char) {
++                    if (*body_pointer == '\\' ) {
++                        *p = '\\';
++                    } else if (*body_pointer == 'n' ) {
++                        *p = '\r';
++                        *++p = '\n';
++                    } else {
++                        *p = '\\';
++                        *p = *body_pointer;
++                    }
++                    trans_char = 0;
++                } else {
++                    *p = *body_pointer;
++                }
++                ++p;
++            }
++            *p = 0;
++            hosts[pos] = 0;
++            break;
++        }
++    }
++    host_num = xorshift128plus() % host_num;
++    if (self->server.port == 80)
++        sprintf(hostport, "%s", phost[host_num]);
++    else
++        sprintf(hostport, "%s:%d", phost[host_num], self->server.port);
++    if (body_buffer) {
++        sprintf(out_buffer,
++            "POST /%s HTTP/1.1\r\n"
++            "Host: %s\r\n"
++            "%s\r\n\r\n",
++            local->encode_buffer,
++            hostport,
++            body_buffer);
++    } else {
++        char result[33] = {0};
++        boundary(result);
++        sprintf(out_buffer,
++            "POST /%s HTTP/1.1\r\n"
++            "Host: %s\r\n"
++            "User-Agent: %s\r\n"
++            "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
++            "Accept-Language: en-US,en;q=0.8\r\n"
++            "Accept-Encoding: gzip, deflate\r\n"
++            "Content-Type: multipart/form-data; boundary=%s\r\n"
++            "DNT: 1\r\n"
++            "Connection: keep-alive\r\n"
++            "\r\n",
++            local->encode_buffer,
++            hostport,
++            g_useragent[g_useragent_index],
++            result
++            );
++    }
++    //LOGI("http header: %s", out_buffer);
++    outlength = strlen(out_buffer);
++    memmove(out_buffer + outlength, encryptdata + head_size, datalength - head_size);
++    outlength += datalength - head_size;
++    local->has_sent_header = 1;
++    if (*capacity < outlength) {
++        *pencryptdata = (char*)realloc(*pencryptdata, *capacity = outlength * 2);
++        encryptdata = *pencryptdata;
++    }
++    memmove(encryptdata, out_buffer, outlength);
++    free(out_buffer);
++    if (body_buffer != NULL)
++        free(body_buffer);
++    if (local->encode_buffer != NULL) {
++        free(local->encode_buffer);
++        local->encode_buffer = NULL;
++    }
++    return outlength;
++}
+diff --git a/server/http_simple.h b/server/http_simple.h
+new file mode 100644
+index 0000000..cce24cc
+--- /dev/null
++++ b/server/http_simple.h
+@@ -0,0 +1,21 @@
++/*
++ * http_simple.h - Define shadowsocksR server's buffers and callbacks
++ *
++ * Copyright (C) 2015 - 2016, Break Wa11 <mmgac001@gmail.com>
++ */
++
++#ifndef _HTTP_SIMPLE_H
++#define _HTTP_SIMPLE_H
++
++obfs * http_simple_new_obfs();
++void http_simple_dispose(obfs *self);
++
++int http_simple_client_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity);
++int http_simple_client_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback);
++
++int http_post_client_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity);
++
++int http_simple_server_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity);
++int http_simple_server_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback);
++
++#endif // _HTTP_SIMPLE_H
+diff --git a/server/jconf.c b/server/jconf.c
+new file mode 100644
+index 0000000..494aa5f
+--- /dev/null
++++ b/server/jconf.c
+@@ -0,0 +1,260 @@
++/*
++ * jconf.c - Parse the JSON format config file
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#include <stdlib.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <string.h>
++#include <time.h>
++
++#include "utils.h"
++#include "jconf.h"
++#include "json.h"
++#include "string.h"
++
++#include <libcork/core.h>
++
++#define check_json_value_type(value, expected_type, message) \
++    do { \
++        if ((value)->type != (expected_type)) \
++            FATAL((message)); \
++    } while(0)
++
++static char *
++to_string(const json_value *value)
++{
++    if (value->type == json_string) {
++        return ss_strndup(value->u.string.ptr, value->u.string.length);
++    } else if (value->type == json_integer) {
++        return strdup(ss_itoa(value->u.integer));
++    } else if (value->type == json_null) {
++        return "null";
++    } else {
++        LOGE("%d", value->type);
++        FATAL("Invalid config format.");
++    }
++    return 0;
++}
++
++void
++free_addr(ss_addr_t *addr)
++{
++    ss_free(addr->host);
++    ss_free(addr->port);
++}
++
++void
++parse_addr(const char *str, ss_addr_t *addr)
++{
++    int ipv6 = 0, ret = -1, n = 0;
++    char *pch;
++
++    struct cork_ip ip;
++    if (cork_ip_init(&ip, str) != -1) {
++        addr->host = strdup(str);
++        addr->port = NULL;
++        return;
++    }
++
++    pch = strchr(str, ':');
++    while (pch != NULL) {
++        n++;
++        ret = pch - str;
++        pch = strchr(pch + 1, ':');
++    }
++    if (n > 1) {
++        ipv6 = 1;
++        if (str[ret - 1] != ']') {
++            ret = -1;
++        }
++    }
++
++    if (ret == -1) {
++        if (ipv6) {
++            addr->host = ss_strndup(str + 1, strlen(str) - 2);
++        } else {
++            addr->host = strdup(str);
++        }
++        addr->port = NULL;
++    } else {
++        if (ipv6) {
++            addr->host = ss_strndup(str + 1, ret - 2);
++        } else {
++            addr->host = ss_strndup(str, ret);
++        }
++        addr->port = strdup(str + ret + 1);
++    }
++}
++
++jconf_t *
++read_jconf(const char *file)
++{
++    static jconf_t conf;
++
++    memset(&conf, 0, sizeof(jconf_t));
++
++    char *buf;
++    json_value *obj;
++
++    FILE *f = fopen(file, "rb");
++    if (f == NULL) {
++        FATAL("Invalid config path.");
++    }
++
++    fseek(f, 0, SEEK_END);
++    long pos = ftell(f);
++    fseek(f, 0, SEEK_SET);
++
++    if (pos >= MAX_CONF_SIZE) {
++        FATAL("Too large config file.");
++    }
++
++    buf = ss_malloc(pos + 1);
++    if (buf == NULL) {
++        FATAL("No enough memory.");
++    }
++
++    int nread = fread(buf, pos, 1, f);
++    if (!nread) {
++        FATAL("Failed to read the config file.");
++    }
++    fclose(f);
++
++    buf[pos] = '\0'; // end of string
++
++    json_settings settings = { 0UL, 0, NULL, NULL, NULL };
++    char error_buf[512];
++    obj = json_parse_ex(&settings, buf, pos, error_buf);
++
++    if (obj == NULL) {
++        FATAL(error_buf);
++    }
++
++    if (obj->type == json_object) {
++        unsigned int i, j;
++        for (i = 0; i < obj->u.object.length; i++) {
++            char *name        = obj->u.object.values[i].name;
++            json_value *value = obj->u.object.values[i].value;
++            if (strcmp(name, "server") == 0) {
++                if (value->type == json_array) {
++                    for (j = 0; j < value->u.array.length; j++) {
++                        if (j >= MAX_REMOTE_NUM) {
++                            break;
++                        }
++                        json_value *v = value->u.array.values[j];
++                        char *addr_str = to_string(v);
++                        parse_addr(addr_str, conf.remote_addr + j);
++                        ss_free(addr_str);
++                        conf.remote_num = j + 1;
++                    }
++                } else if (value->type == json_string) {
++                    conf.remote_addr[0].host = to_string(value);
++                    conf.remote_addr[0].port = NULL;
++                    conf.remote_num          = 1;
++                }
++            } else if (strcmp(name, "port_password") == 0) {
++                if (value->type == json_object) {
++                    for (j = 0; j < value->u.object.length; j++) {
++                        if (j >= MAX_PORT_NUM) {
++                            break;
++                        }
++                        json_value *v = value->u.object.values[j].value;
++                        if (v->type == json_string) {
++                            conf.port_password[j].port = ss_strndup(value->u.object.values[j].name,
++                                                                    value->u.object.values[j].name_length);
++                            conf.port_password[j].password = to_string(v);
++                            conf.port_password_num         = j + 1;
++                        }
++                    }
++                }
++            } else if (strcmp(name, "server_port") == 0) {
++                conf.remote_port = to_string(value);
++            } else if (strcmp(name, "local_address") == 0) {
++                conf.local_addr = to_string(value);
++            } else if (strcmp(name, "local_port") == 0) {
++                conf.local_port = to_string(value);
++            } else if (strcmp(name, "password") == 0) {
++                conf.password = to_string(value);
++            } else if (strcmp(name, "protocol") == 0) { // SSR
++                conf.protocol = to_string(value);
++            } else if (strcmp(name, "protocol_param") == 0) { // SSR
++                conf.protocol_param = to_string(value);
++            } else if (strcmp(name, "method") == 0) {
++                conf.method = to_string(value);
++            } else if (strcmp(name, "obfs") == 0) { // SSR
++                conf.obfs = to_string(value);
++            } else if (strcmp(name, "obfs_param") == 0) { // SSR
++                conf.obfs_param = to_string(value);
++            } else if (strcmp(name, "timeout") == 0) {
++                conf.timeout = to_string(value);
++            } else if (strcmp(name, "user") == 0) {
++                conf.user = to_string(value);
++            } else if (strcmp(name, "fast_open") == 0) {
++                check_json_value_type(value, json_boolean,
++                        "invalid config file: option 'fast_open' must be a boolean");
++                conf.fast_open = value->u.boolean;
++            } else if (strcmp(name, "auth") == 0) {
++                check_json_value_type(value, json_boolean,
++                        "invalid config file: option 'auth' must be a boolean");
++                conf.auth = value->u.boolean;
++            } else if (strcmp(name, "nofile") == 0) {
++                check_json_value_type(value, json_integer,
++                    "invalid config file: option 'nofile' must be an integer");
++                conf.nofile = value->u.integer;
++            } else if (strcmp(name, "nameserver") == 0) {
++                conf.nameserver = to_string(value);
++            } else if (strcmp(name, "tunnel_address") == 0) {
++                conf.tunnel_address = to_string(value);
++            } else if (strcmp(name, "mode") == 0) {
++                char *mode_str = to_string(value);
++
++                if (strcmp(mode_str, "tcp_only") == 0)
++                    conf.mode = TCP_ONLY;
++                else if (strcmp(mode_str, "tcp_and_udp") == 0)
++                    conf.mode = TCP_AND_UDP;
++                else if (strcmp(mode_str, "udp_only") == 0)
++                    conf.mode = UDP_ONLY;
++                else
++                    LOGI("ignore unknown mode: %s, use tcp_only as fallback",
++                         mode_str);
++                ss_free(mode_str);
++            } else if (strcmp(name, "mtu") == 0) {
++                check_json_value_type(value, json_integer,
++                    "invalid config file: option 'mtu' must be an integer");
++                conf.mtu = value->u.integer;
++            } else if (strcmp(name, "mptcp") == 0) {
++                check_json_value_type(value, json_boolean,
++                    "invalid config file: option 'mptcp' must be a boolean");
++                conf.mptcp = value->u.boolean;
++            } else if (strcmp(name, "ipv6_first") == 0) {
++                check_json_value_type(value, json_boolean,
++                    "invalid config file: option 'ipv6_first' must be a boolean");
++                conf.ipv6_first = value->u.boolean;
++            }
++        }
++    } else {
++        FATAL("Invalid config file");
++    }
++
++    ss_free(buf);
++    json_value_free(obj);
++    return &conf;
++}
+diff --git a/server/jconf.h b/server/jconf.h
+new file mode 100644
+index 0000000..9a7e5e3
+--- /dev/null
++++ b/server/jconf.h
+@@ -0,0 +1,78 @@
++/*
++ * jconf.h - Define the config data structure
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#ifndef _JCONF_H
++#define _JCONF_H
++
++#define MAX_PORT_NUM 1024
++#define MAX_REMOTE_NUM 10
++#define MAX_CONF_SIZE 128 * 1024
++#define MAX_DNS_NUM 4
++#define MAX_CONNECT_TIMEOUT 10
++#define MAX_REQUEST_TIMEOUT 60
++#define MIN_UDP_TIMEOUT 10
++
++#define TCP_ONLY     0
++#define TCP_AND_UDP  1
++#define UDP_ONLY     3
++
++typedef struct {
++    char *host;
++    char *port;
++} ss_addr_t;
++
++typedef struct {
++    char *port;
++    char *password;
++} ss_port_password_t;
++
++typedef struct {
++    int remote_num;
++    ss_addr_t remote_addr[MAX_REMOTE_NUM];
++    int port_password_num;
++    ss_port_password_t port_password[MAX_PORT_NUM];
++    char *remote_port;
++    char *local_addr;
++    char *local_port;
++    char *password;
++    char *protocol; // SSR
++    char *protocol_param; // SSR
++    char *method;
++    char *obfs; // SSR
++    char *obfs_param; // SSR
++    char *timeout;
++    char *user;
++    int auth;
++    int fast_open;
++    int nofile;
++    char *nameserver;
++    char *tunnel_address;
++    int mode;
++    int mtu;
++    int mptcp;
++    int ipv6_first;
++} jconf_t;
++
++jconf_t *read_jconf(const char *file);
++void parse_addr(const char *str, ss_addr_t *addr);
++void free_addr(ss_addr_t *addr);
++
++#endif // _JCONF_H
+diff --git a/server/json.c b/server/json.c
+new file mode 100644
+index 0000000..18e95ef
+--- /dev/null
++++ b/server/json.c
+@@ -0,0 +1,1002 @@
++/* vim: set et ts=3 sw=3 sts=3 ft=c:
++ *
++ * Copyright (C) 2012, 2013, 2014 James McLaughlin et al.  All rights reserved.
++ * https://github.com/udp/json-parser
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *   notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *   notice, this list of conditions and the following disclaimer in the
++ *   documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++#include "json.h"
++#include "utils.h"
++
++#ifdef _MSC_VER
++#ifndef _CRT_SECURE_NO_WARNINGS
++#define _CRT_SECURE_NO_WARNINGS
++#endif
++#endif
++
++#ifdef __cplusplus
++const struct _json_value json_value_none; /* zero-d by ctor */
++#else
++const struct _json_value json_value_none = { NULL, 0, { 0 }, { NULL } };
++#endif
++
++#include <stdio.h>
++#include <string.h>
++#include <ctype.h>
++#include <math.h>
++
++typedef unsigned short json_uchar;
++
++static unsigned char
++hex_value(json_char c)
++{
++    if (isdigit((uint8_t)c)) {
++        return c - '0';
++    }
++
++    switch (c) {
++    case 'a':
++    case 'A':
++        return 0x0A;
++    case 'b':
++    case 'B':
++        return 0x0B;
++    case 'c':
++    case 'C':
++        return 0x0C;
++    case 'd':
++    case 'D':
++        return 0x0D;
++    case 'e':
++    case 'E':
++        return 0x0E;
++    case 'f':
++    case 'F':
++        return 0x0F;
++    default:
++        return 0xFF;
++    }
++}
++
++typedef struct {
++    unsigned long used_memory;
++
++    unsigned int uint_max;
++    unsigned long ulong_max;
++
++    json_settings settings;
++    int first_pass;
++} json_state;
++
++static void *
++default_alloc(size_t size, int zero, void *user_data)
++{
++    return zero ? calloc(1, size) : ss_malloc(size);
++}
++
++static void
++default_free(void *ptr, void *user_data)
++{
++    ss_free(ptr);
++}
++
++static void *
++json_alloc(json_state *state, unsigned long size, int zero)
++{
++    if ((state->ulong_max - state->used_memory) < size) {
++        return 0;
++    }
++
++    if (state->settings.max_memory
++        && (state->used_memory += size) > state->settings.max_memory) {
++        return 0;
++    }
++
++    return state->settings.mem_alloc(size, zero, state->settings.user_data);
++}
++
++static int
++new_value(json_state *state, json_value **top, json_value **root,
++          json_value **alloc, json_type type)
++{
++    json_value *value;
++    int values_size;
++
++    if (!state->first_pass) {
++        value  = *top = *alloc;
++        *alloc = (*alloc)->_reserved.next_alloc;
++
++        if (!*root) {
++            *root = value;
++        }
++
++        switch (value->type) {
++        case json_array:
++
++            if (!(value->u.array.values = (json_value **)json_alloc
++                                              (state, value->u.array.length *
++                                              sizeof(json_value *), 0))) {
++                return 0;
++            }
++
++            value->u.array.length = 0;
++            break;
++
++        case json_object:
++
++            values_size = sizeof(*value->u.object.values) *
++                          value->u.object.length;
++
++            if (!((*(void **)&value->u.object.values) = json_alloc
++                                                            (state,
++                                                            values_size +
++                                                            ((size_t)value->u.
++                                                             object.values),
++                                                            0))) {
++                return 0;
++            }
++
++            value->_reserved.object_mem = (*(char **)&value->u.object.values) +
++                                          values_size;
++
++            value->u.object.length = 0;
++            break;
++
++        case json_string:
++
++            if (!(value->u.string.ptr = (json_char *)json_alloc
++                                            (state,
++                                            (value->u.string.length +
++                                             1) * sizeof(json_char), 0))) {
++                return 0;
++            }
++
++            value->u.string.length = 0;
++            break;
++
++        default:
++            break;
++        }
++
++        return 1;
++    }
++
++    value = (json_value *)json_alloc(state, sizeof(json_value), 1);
++
++    if (!value) {
++        return 0;
++    }
++
++    if (!*root) {
++        *root = value;
++    }
++
++    value->type   = type;
++    value->parent = *top;
++
++    if (*alloc) {
++        (*alloc)->_reserved.next_alloc = value;
++    }
++
++    *alloc = *top = value;
++
++    return 1;
++}
++
++#define e_off \
++    ((int)(i - cur_line_begin))
++
++#define whitespace                          \
++case '\n': \
++    ++cur_line; cur_line_begin = i; \
++case ' ': \
++case '\t': \
++case '\r'
++
++#define string_add(b)                                         \
++    do { if (!state.first_pass) { string[string_length] = b; \
++         } ++string_length; } while (0)
++
++static const long
++    flag_next           = 1 << 0,
++    flag_reproc         = 1 << 1,
++    flag_need_comma     = 1 << 2,
++    flag_seek_value     = 1 << 3,
++    flag_escaped        = 1 << 4,
++    flag_string         = 1 << 5,
++    flag_need_colon     = 1 << 6,
++    flag_done           = 1 << 7,
++    flag_num_negative   = 1 << 8,
++    flag_num_zero       = 1 << 9,
++    flag_num_e          = 1 << 10,
++    flag_num_e_got_sign = 1 << 11,
++    flag_num_e_negative = 1 << 12,
++    flag_line_comment   = 1 << 13,
++    flag_block_comment  = 1 << 14;
++
++json_value *
++json_parse_ex(json_settings *settings,
++              const json_char *json,
++              size_t length,
++              char *error_buf)
++{
++    json_char error[json_error_max];
++    int cur_line;
++    const json_char *cur_line_begin, *i, *end;
++    json_value *top, *root, *alloc = 0;
++    json_state state = { 0UL, 0U, 0UL, { 0UL, 0, NULL, NULL, NULL }, 0 };
++    long flags;
++    long num_digits = 0, num_e = 0;
++    json_int_t num_fraction = 0;
++
++    /* Skip UTF-8 BOM
++     */
++    if (length >= 3 && ((unsigned char)json[0]) == 0xEF
++        && ((unsigned char)json[1]) == 0xBB
++        && ((unsigned char)json[2]) == 0xBF) {
++        json   += 3;
++        length -= 3;
++    }
++
++    error[0] = '\0';
++    end      = (json + length);
++
++    memcpy(&state.settings, settings, sizeof(json_settings));
++
++    if (!state.settings.mem_alloc) {
++        state.settings.mem_alloc = default_alloc;
++    }
++
++    if (!state.settings.mem_free) {
++        state.settings.mem_free = default_free;
++    }
++
++    memset(&state.uint_max, 0xFF, sizeof(state.uint_max));
++    memset(&state.ulong_max, 0xFF, sizeof(state.ulong_max));
++
++    state.uint_max  -= 8; /* limit of how much can be added before next check */
++    state.ulong_max -= 8;
++
++    for (state.first_pass = 1; state.first_pass >= 0; --state.first_pass) {
++        json_uchar uchar;
++        unsigned char uc_b1, uc_b2, uc_b3, uc_b4;
++        json_char *string          = 0;
++        unsigned int string_length = 0;
++
++        top   = root = 0;
++        flags = flag_seek_value;
++
++        cur_line       = 1;
++        cur_line_begin = json;
++
++        for (i = json;; ++i) {
++            json_char b = (i == end ? 0 : *i);
++
++            if (flags & flag_string) {
++                if (!b) {
++                    sprintf(error, "Unexpected EOF in string (at %d:%d)",
++                            cur_line, e_off);
++                    goto e_failed;
++                }
++
++                if (string_length > state.uint_max) {
++                    goto e_overflow;
++                }
++
++                if (flags & flag_escaped) {
++                    flags &= ~flag_escaped;
++
++                    switch (b) {
++                    case 'b':
++                        string_add('\b');
++                        break;
++                    case 'f':
++                        string_add('\f');
++                        break;
++                    case 'n':
++                        string_add('\n');
++                        break;
++                    case 'r':
++                        string_add('\r');
++                        break;
++                    case 't':
++                        string_add('\t');
++                        break;
++                    case 'u':
++
++                        if (end - i < 4 ||
++                            (uc_b1 = hex_value(*++i)) == 0xFF ||
++                            (uc_b2 = hex_value(*++i)) == 0xFF
++                            || (uc_b3 = hex_value(*++i)) == 0xFF ||
++                            (uc_b4 = hex_value(*++i)) == 0xFF) {
++                            sprintf(error,
++                                    "Invalid character value `%c` (at %d:%d)",
++                                    b, cur_line, e_off);
++                            goto e_failed;
++                        }
++
++                        uc_b1 = uc_b1 * 16 + uc_b2;
++                        uc_b2 = uc_b3 * 16 + uc_b4;
++
++                        uchar = ((json_char)uc_b1) * 256 + uc_b2;
++
++                        if (sizeof(json_char) >= sizeof(json_uchar) ||
++                            (uc_b1 == 0 && uc_b2 <= 0x7F)) {
++                            string_add((json_char)uchar);
++                            break;
++                        }
++
++                        if (uchar <= 0x7FF) {
++                            if (state.first_pass) {
++                                string_length += 2;
++                            } else {
++                                string[string_length++] = 0xC0 |
++                                                          ((uc_b2 &
++                                                            0xC0) >>
++                                                           6) |
++                                                          ((uc_b1 & 0x7) << 2);
++                                string[string_length++] = 0x80 |
++                                                          (uc_b2 & 0x3F);
++                            }
++
++                            break;
++                        }
++
++                        if (state.first_pass) {
++                            string_length += 3;
++                        } else {
++                            string[string_length++] = 0xE0 |
++                                                      ((uc_b1 & 0xF0) >> 4);
++                            string[string_length++] = 0x80 |
++                                                      ((uc_b1 &
++                                                        0xF) <<
++                                                       2) |
++                                                      ((uc_b2 & 0xC0) >> 6);
++                            string[string_length++] = 0x80 | (uc_b2 & 0x3F);
++                        }
++
++                        break;
++
++                    default:
++                        string_add(b);
++                    }
++
++                    continue;
++                }
++
++                if (b == '\\') {
++                    flags |= flag_escaped;
++                    continue;
++                }
++
++                if (b == '"') {
++                    if (!state.first_pass) {
++                        string[string_length] = 0;
++                    }
++
++                    flags &= ~flag_string;
++                    string = 0;
++
++                    switch (top->type) {
++                    case json_string:
++
++                        top->u.string.length = string_length;
++                        flags               |= flag_next;
++
++                        break;
++
++                    case json_object:
++
++                        if (state.first_pass) {
++                            (*(json_char **)&top->u.object.values) +=
++                                string_length + 1;
++                        } else {
++                            top->u.object.values[top->u.object.length].name
++                                = (json_char *)top->_reserved.object_mem;
++
++                            top->u.object.values[top->u.object.length].
++                            name_length
++                                = string_length;
++
++                            (*(json_char **)&top->_reserved.object_mem) +=
++                                string_length + 1;
++                        }
++
++                        flags |= flag_seek_value | flag_need_colon;
++                        continue;
++
++                    default:
++                        break;
++                    }
++                } else {
++                    string_add(b);
++                    continue;
++                }
++            }
++
++            if (state.settings.settings & json_enable_comments) {
++                if (flags & (flag_line_comment | flag_block_comment)) {
++                    if (flags & flag_line_comment) {
++                        if (b == '\r' || b == '\n' || !b) {
++                            flags &= ~flag_line_comment;
++                            --i;   /* so null can be reproc'd */
++                        }
++
++                        continue;
++                    }
++
++                    if (flags & flag_block_comment) {
++                        if (!b) {
++                            sprintf(error,
++                                    "%d:%d: Unexpected EOF in block comment",
++                                    cur_line, e_off);
++                            goto e_failed;
++                        }
++
++                        if (b == '*' && i < (end - 1) && i[1] == '/') {
++                            flags &= ~flag_block_comment;
++                            ++i;   /* skip closing sequence */
++                        }
++
++                        continue;
++                    }
++                } else if (b == '/') {
++                    if (!(flags & (flag_seek_value | flag_done)) && top->type !=
++                        json_object) {
++                        sprintf(error, "%d:%d: Comment not allowed here",
++                                cur_line, e_off);
++                        goto e_failed;
++                    }
++
++                    if (++i == end) {
++                        sprintf(error, "%d:%d: EOF unexpected", cur_line,
++                                e_off);
++                        goto e_failed;
++                    }
++
++                    switch (b = *i) {
++                    case '/':
++                        flags |= flag_line_comment;
++                        continue;
++
++                    case '*':
++                        flags |= flag_block_comment;
++                        continue;
++
++                    default:
++                        sprintf(error,
++                                "%d:%d: Unexpected `%c` in comment opening sequence", cur_line, e_off,
++                                b);
++                        goto e_failed;
++                    }
++                }
++            }
++
++            if (flags & flag_done) {
++                if (!b) {
++                    break;
++                }
++
++                switch (b) {
++whitespace:
++                    continue;
++
++                default:
++                    sprintf(error, "%d:%d: Trailing garbage: `%c`", cur_line,
++                            e_off, b);
++                    goto e_failed;
++                }
++            }
++
++            if (flags & flag_seek_value) {
++                switch (b) {
++whitespace:
++                    continue;
++
++                case ']':
++
++                    if (top->type == json_array) {
++                        flags =
++                            (flags &
++                             ~(flag_need_comma | flag_seek_value)) | flag_next;
++                    } else {
++                        sprintf(error, "%d:%d: Unexpected ]", cur_line, e_off);
++                        goto e_failed;
++                    }
++
++                    break;
++
++                default:
++
++                    if (flags & flag_need_comma) {
++                        if (b == ',') {
++                            flags &= ~flag_need_comma;
++                            continue;
++                        } else {
++                            sprintf(error, "%d:%d: Expected , before %c",
++                                    cur_line, e_off, b);
++                            goto e_failed;
++                        }
++                    }
++
++                    if (flags & flag_need_colon) {
++                        if (b == ':') {
++                            flags &= ~flag_need_colon;
++                            continue;
++                        } else {
++                            sprintf(error, "%d:%d: Expected : before %c",
++                                    cur_line, e_off, b);
++                            goto e_failed;
++                        }
++                    }
++
++                    flags &= ~flag_seek_value;
++
++                    switch (b) {
++                    case '{':
++
++                        if (!new_value(&state, &top, &root, &alloc,
++                                       json_object)) {
++                            goto e_alloc_failure;
++                        }
++
++                        continue;
++
++                    case '[':
++
++                        if (!new_value(&state, &top, &root, &alloc,
++                                       json_array)) {
++                            goto e_alloc_failure;
++                        }
++
++                        flags |= flag_seek_value;
++                        continue;
++
++                    case '"':
++
++                        if (!new_value(&state, &top, &root, &alloc,
++                                       json_string)) {
++                            goto e_alloc_failure;
++                        }
++
++                        flags |= flag_string;
++
++                        string        = top->u.string.ptr;
++                        string_length = 0;
++
++                        continue;
++
++                    case 't':
++
++                        if ((end - i) < 3 || *(++i) != 'r' || *(++i) != 'u' ||
++                            *(++i) != 'e') {
++                            goto e_unknown_value;
++                        }
++
++                        if (!new_value(&state, &top, &root, &alloc,
++                                       json_boolean)) {
++                            goto e_alloc_failure;
++                        }
++
++                        top->u.boolean = 1;
++
++                        flags |= flag_next;
++                        break;
++
++                    case 'f':
++
++                        if ((end - i) < 4 || *(++i) != 'a' || *(++i) != 'l' ||
++                            *(++i) != 's' || *(++i) != 'e') {
++                            goto e_unknown_value;
++                        }
++
++                        if (!new_value(&state, &top, &root, &alloc,
++                                       json_boolean)) {
++                            goto e_alloc_failure;
++                        }
++
++                        flags |= flag_next;
++                        break;
++
++                    case 'n':
++
++                        if ((end - i) < 3 || *(++i) != 'u' || *(++i) != 'l' ||
++                            *(++i) != 'l') {
++                            goto e_unknown_value;
++                        }
++
++                        if (!new_value(&state, &top, &root, &alloc,
++                                       json_null)) {
++                            goto e_alloc_failure;
++                        }
++
++                        flags |= flag_next;
++                        break;
++
++                    default:
++
++                        if (isdigit((uint8_t)b) || b == '-') {
++                            if (!new_value(&state, &top, &root, &alloc,
++                                           json_integer)) {
++                                goto e_alloc_failure;
++                            }
++
++                            if (!state.first_pass) {
++                                while (isdigit((uint8_t)b) || b == '+' || b ==
++                                       '-'
++                                       || b == 'e' || b == 'E' || b == '.') {
++                                    if ((++i) == end) {
++                                        b = 0;
++                                        break;
++                                    }
++
++                                    b = *i;
++                                }
++
++                                flags |= flag_next | flag_reproc;
++                                break;
++                            }
++
++                            flags &= ~(flag_num_negative | flag_num_e |
++                                       flag_num_e_got_sign |
++                                       flag_num_e_negative |
++                                       flag_num_zero);
++
++                            num_digits   = 0;
++                            num_fraction = 0;
++                            num_e        = 0;
++
++                            if (b != '-') {
++                                flags |= flag_reproc;
++                                break;
++                            }
++
++                            flags |= flag_num_negative;
++                            continue;
++                        } else {
++                            sprintf(error,
++                                    "%d:%d: Unexpected %c when seeking value",
++                                    cur_line, e_off, b);
++                            goto e_failed;
++                        }
++                    }
++                }
++            } else {
++                switch (top->type) {
++                case json_object:
++
++                    switch (b) {
++whitespace:
++                        continue;
++
++                    case '"':
++
++                        if (flags & flag_need_comma) {
++                            sprintf(error, "%d:%d: Expected , before \"",
++                                    cur_line, e_off);
++                            goto e_failed;
++                        }
++
++                        flags |= flag_string;
++
++                        string        = (json_char *)top->_reserved.object_mem;
++                        string_length = 0;
++
++                        break;
++
++                    case '}':
++
++                        flags = (flags & ~flag_need_comma) | flag_next;
++                        break;
++
++                    case ',':
++
++                        if (flags & flag_need_comma) {
++                            flags &= ~flag_need_comma;
++                            break;
++                        }
++
++                    default:
++
++                        sprintf(error, "%d:%d: Unexpected `%c` in object",
++                                cur_line, e_off, b);
++                        goto e_failed;
++                    }
++
++                    break;
++
++                case json_integer:
++                case json_double:
++
++                    if (isdigit((uint8_t)b)) {
++                        ++num_digits;
++
++                        if (top->type == json_integer || flags & flag_num_e) {
++                            if (!(flags & flag_num_e)) {
++                                if (flags & flag_num_zero) {
++                                    sprintf(error,
++                                            "%d:%d: Unexpected `0` before `%c`",
++                                            cur_line, e_off, b);
++                                    goto e_failed;
++                                }
++
++                                if (num_digits == 1 && b == '0') {
++                                    flags |= flag_num_zero;
++                                }
++                            } else {
++                                flags |= flag_num_e_got_sign;
++                                num_e  = (num_e * 10) + (b - '0');
++                                continue;
++                            }
++
++                            top->u.integer = (top->u.integer * 10) + (b - '0');
++                            continue;
++                        }
++
++                        num_fraction = (num_fraction * 10) + (b - '0');
++                        continue;
++                    }
++
++                    if (b == '+' || b == '-') {
++                        if ((flags & flag_num_e) &&
++                            !(flags & flag_num_e_got_sign)) {
++                            flags |= flag_num_e_got_sign;
++
++                            if (b == '-') {
++                                flags |= flag_num_e_negative;
++                            }
++
++                            continue;
++                        }
++                    } else if (b == '.' && top->type == json_integer) {
++                        if (!num_digits) {
++                            sprintf(error, "%d:%d: Expected digit before `.`",
++                                    cur_line, e_off);
++                            goto e_failed;
++                        }
++
++                        top->type  = json_double;
++                        top->u.dbl = (double)top->u.integer;
++
++                        num_digits = 0;
++                        continue;
++                    }
++
++                    if (!(flags & flag_num_e)) {
++                        if (top->type == json_double) {
++                            if (!num_digits) {
++                                sprintf(error,
++                                        "%d:%d: Expected digit after `.`",
++                                        cur_line, e_off);
++                                goto e_failed;
++                            }
++
++                            top->u.dbl += ((double)num_fraction) /
++                                          (pow(10, (double)num_digits));
++                        }
++
++                        if (b == 'e' || b == 'E') {
++                            flags |= flag_num_e;
++
++                            if (top->type == json_integer) {
++                                top->type  = json_double;
++                                top->u.dbl = (double)top->u.integer;
++                            }
++
++                            num_digits = 0;
++                            flags     &= ~flag_num_zero;
++
++                            continue;
++                        }
++                    } else {
++                        if (!num_digits) {
++                            sprintf(error, "%d:%d: Expected digit after `e`",
++                                    cur_line, e_off);
++                            goto e_failed;
++                        }
++
++                        top->u.dbl *=
++                            pow(10,
++                                (double)((flags &
++                                         flag_num_e_negative) ? -num_e : num_e));
++                    }
++
++                    if (flags & flag_num_negative) {
++                        if (top->type == json_integer) {
++                            top->u.integer = -top->u.integer;
++                        } else {
++                            top->u.dbl = -top->u.dbl;
++                        }
++                    }
++
++                    flags |= flag_next | flag_reproc;
++                    break;
++
++                default:
++                    break;
++                }
++            }
++
++            if (flags & flag_reproc) {
++                flags &= ~flag_reproc;
++                --i;
++            }
++
++            if (flags & flag_next) {
++                flags = (flags & ~flag_next) | flag_need_comma;
++
++                if (!top->parent) {
++                    /* root value done */
++
++                    flags |= flag_done;
++                    continue;
++                }
++
++                if (top->parent->type == json_array) {
++                    flags |= flag_seek_value;
++                }
++
++                if (!state.first_pass) {
++                    json_value *parent = top->parent;
++
++                    switch (parent->type) {
++                    case json_object:
++
++                        parent->u.object.values
++                        [parent->u.object.length].value = top;
++
++                        break;
++
++                    case json_array:
++
++                        parent->u.array.values
++                        [parent->u.array.length] = top;
++
++                        break;
++
++                    default:
++                        break;
++                    }
++                }
++
++                if ((++top->parent->u.array.length) > state.uint_max) {
++                    goto e_overflow;
++                }
++
++                top = top->parent;
++
++                continue;
++            }
++        }
++
++        alloc = root;
++    }
++
++    return root;
++
++e_unknown_value:
++
++    sprintf(error, "%d:%d: Unknown value", cur_line, e_off);
++    goto e_failed;
++
++e_alloc_failure:
++
++    strcpy(error, "Memory allocation failure");
++    goto e_failed;
++
++e_overflow:
++
++    sprintf(error, "%d:%d: Too long (caught overflow)", cur_line, e_off);
++    goto e_failed;
++
++e_failed:
++
++    if (error_buf) {
++        if (*error) {
++            strcpy(error_buf, error);
++        } else {
++            strcpy(error_buf, "Unknown error");
++        }
++    }
++
++    if (state.first_pass) {
++        alloc = root;
++    }
++
++    while (alloc) {
++        top = alloc->_reserved.next_alloc;
++        state.settings.mem_free(alloc, state.settings.user_data);
++        alloc = top;
++    }
++
++    if (!state.first_pass) {
++        json_value_free_ex(&state.settings, root);
++    }
++
++    return 0;
++}
++
++json_value *
++json_parse(const json_char *json, size_t length)
++{
++    json_settings settings = { 0UL, 0, NULL, NULL, NULL };
++    return json_parse_ex(&settings, json, length, 0);
++}
++
++void
++json_value_free_ex(json_settings *settings, json_value *value)
++{
++    json_value *cur_value;
++
++    if (!value) {
++        return;
++    }
++
++    value->parent = 0;
++
++    while (value) {
++        switch (value->type) {
++        case json_array:
++
++            if (!value->u.array.length) {
++                settings->mem_free(value->u.array.values, settings->user_data);
++                break;
++            }
++
++            value = value->u.array.values[--value->u.array.length];
++            continue;
++
++        case json_object:
++
++            if (!value->u.object.length) {
++                settings->mem_free(value->u.object.values, settings->user_data);
++                break;
++            }
++
++            value = value->u.object.values[--value->u.object.length].value;
++            continue;
++
++        case json_string:
++
++            settings->mem_free(value->u.string.ptr, settings->user_data);
++            break;
++
++        default:
++            break;
++        }
++
++        cur_value = value;
++        value     = value->parent;
++        settings->mem_free(cur_value, settings->user_data);
++    }
++}
++
++void
++json_value_free(json_value *value)
++{
++    json_settings settings = { 0UL, 0, NULL, NULL, NULL };
++    settings.mem_free = default_free;
++    json_value_free_ex(&settings, value);
++}
+diff --git a/server/json.h b/server/json.h
+new file mode 100644
+index 0000000..016fc5a
+--- /dev/null
++++ b/server/json.h
+@@ -0,0 +1,249 @@
++/* vim: set et ts=3 sw=3 sts=3 ft=c:
++ *
++ * Copyright (C) 2012, 2013, 2014 James McLaughlin et al.  All rights reserved.
++ * https://github.com/udp/json-parser
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *   notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *   notice, this list of conditions and the following disclaimer in the
++ *   documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++#ifndef _JSON_H
++#define _JSON_H
++
++#ifndef json_char
++#define json_char char
++#endif
++
++#ifndef json_int_t
++#ifndef _MSC_VER
++#include <inttypes.h>
++#define json_int_t int64_t
++#else
++#define json_int_t __int64
++#endif
++#endif
++
++#include <stdlib.h>
++
++#ifdef __cplusplus
++
++#include <string.h>
++
++extern "C"
++{
++#endif
++
++typedef struct {
++    unsigned long max_memory;
++    int settings;
++
++    /* Custom allocator support (leave null to use malloc/free)
++     */
++
++    void * (*mem_alloc)(size_t, int zero, void *user_data);
++    void (*mem_free)(void *, void *user_data);
++
++    void *user_data;       /* will be passed to mem_alloc and mem_free */
++} json_settings;
++
++#define json_enable_comments  0x01
++
++typedef enum {
++    json_none,
++    json_object,
++    json_array,
++    json_integer,
++    json_double,
++    json_string,
++    json_boolean,
++    json_null
++} json_type;
++
++extern const struct _json_value json_value_none;
++
++typedef struct _json_value {
++    struct _json_value *parent;
++
++    json_type type;
++
++    union {
++        int boolean;
++        json_int_t integer;
++        double dbl;
++
++        struct {
++            unsigned int length;
++            json_char *ptr;      /* null terminated */
++        } string;
++
++        struct {
++            unsigned int length;
++
++            struct {
++                json_char *name;
++                unsigned int name_length;
++
++                struct _json_value *value;
++            } *values;
++
++#if defined(__cplusplus) && __cplusplus >= 201103L
++            decltype(values) begin() const
++            {
++                return values;
++            }
++            decltype(values) end() const
++            {
++                return values + length;
++            }
++#endif
++        } object;
++
++        struct {
++            unsigned int length;
++            struct _json_value **values;
++
++#if defined(__cplusplus) && __cplusplus >= 201103L
++            decltype(values) begin() const
++            {
++                return values;
++            }
++            decltype(values) end() const
++            {
++                return values + length;
++            }
++#endif
++        } array;
++    } u;
++
++    union {
++        struct _json_value *next_alloc;
++        void *object_mem;
++    } _reserved;
++
++    /* Some C++ operator sugar */
++
++#ifdef __cplusplus
++
++public:
++
++    inline _json_value(){
++        memset(this, 0, sizeof(_json_value));
++    }
++
++    inline const struct _json_value &operator [] (int index) const {
++        if (type != json_array || index < 0
++            || ((unsigned int)index) >= u.array.length) {
++            return json_value_none;
++        }
++
++        return *u.array.values[index];
++    }
++
++    inline const struct _json_value &operator [] (const char *index) const {
++        if (type != json_object) {
++            return json_value_none;
++        }
++
++        for (unsigned int i = 0; i < u.object.length; ++i)
++            if (!strcmp(u.object.values[i].name, index)) {
++                return *u.object.values[i].value;
++            }
++
++        return json_value_none;
++    }
++
++    inline operator const char * () const
++    {
++        switch (type) {
++        case json_string:
++            return u.string.ptr;
++
++        default:
++            return "";
++        }
++    }
++
++    inline operator
++    json_int_t() const
++    {
++        switch (type) {
++        case json_integer:
++            return u.integer;
++
++        case json_double:
++            return (json_int_t)u.dbl;
++
++        default:
++            return 0;
++        }
++    }
++
++    inline operator
++    bool() const
++    {
++        if (type != json_boolean) {
++            return false;
++        }
++
++        return u.boolean != 0;
++    }
++
++    inline operator double () const
++    {
++        switch (type) {
++        case json_integer:
++            return (double)u.integer;
++
++        case json_double:
++            return u.dbl;
++
++        default:
++            return 0;
++        }
++    }
++
++#endif
++} json_value;
++
++json_value *json_parse(const json_char *json,
++                       size_t length);
++
++#define json_error_max 128
++json_value *json_parse_ex(json_settings *settings,
++                          const json_char *json,
++                          size_t length,
++                          char *error);
++
++void json_value_free(json_value *);
++
++/* Not usually necessary, unless you used a custom mem_alloc and now want to
++ * use a custom mem_free.
++ */
++void json_value_free_ex(json_settings *settings,
++                        json_value *);
++
++#ifdef __cplusplus
++} /* extern "C" */
++#endif
++
++#endif
+diff --git a/server/list.c b/server/list.c
+new file mode 100644
+index 0000000..dde085d
+--- /dev/null
++++ b/server/list.c
+@@ -0,0 +1,370 @@
++#include "list.h"
++
++/// 文件：list_impl.c
++/// 功能：实现链表的基本操作
++/// 作者：bluewind
++/// 完成时间：2011.5.29
++/// 修改时间：2011.5.31, 2011.7.2
++/// 修改备注：在头节点处添加一个空节点，可以优化添加、删除节点代码
++///  再次修改，链表增加节点数据data_size，限制数据大小，修改了
++///  添加复制数据代码，修正重复添加节点后释放节点的Bug，添加了前
++///  插、排序和遍历功能，7.3 添加tail尾指针，改进后插法性能，并改名
++/// --------------------------------------------------------------
++
++void swap_data(Node n1, Node n2);
++
++/// --------------------------------------------------------------
++//  函数名：list_init
++//  功能：  链表初始化
++//  参数：  无
++//  返回值：已初始化链表指针
++//  备注：  链表本身动态分配，由list_destroy函数管理释放
++/// --------------------------------------------------------------
++List list_init(unsigned int data_size)
++{
++    List list = (List) malloc(sizeof(struct clist));
++    if(list != NULL)                                        //内存分配成功
++    {
++        list->head = (Node) malloc(sizeof(node));           //为头节点分配内存
++        if(list->head)          //内存分配成功
++        {
++            list->head->data = NULL;      //初始化头节点
++            list->head->next = NULL;
++            list->data_size  = data_size;
++            list->tail = list->head;
++            list->size = 0;
++
++            list->add_back  = list_add_back;   //初始化成员函数
++            list->add_front  = list_add_front;
++            list->delete_node = list_delete_node;
++            list->delete_at  = list_delete_at;
++            list->modify_at  = list_modify_at;
++            list->have_same  = list_have_same;
++            list->have_same_cmp  = list_have_same_cmp;
++            list->foreach  = list_foreach;
++            list->clear   = list_clear;
++            list->sort   = list_sort;
++            list->destroy  = list_destroy;
++        }
++    }
++    return list;
++}
++
++/// --------------------------------------------------------------
++//  函数名：list_add_back
++//  功能：  添加链表结点 (后插法)
++//  参数：  l--链表指针，data--链表数据指针，可为任意类型
++//  返回值：int型，为1表示添加成功，为0表示添加失败
++//  备注：  如果链表本身为空或是分配节点内存失败，将返回0
++/// --------------------------------------------------------------
++int  list_add_back(List l, void *data)
++{
++    Node new_node = (Node) malloc(sizeof(node));
++
++    if(l != NULL && new_node != NULL)  //链表本身不为空，且内存申请成功
++    {
++        new_node->data = malloc(l->data_size);
++        memcpy(new_node->data, data, l->data_size);
++        new_node->next = NULL;
++
++        l->tail->next = new_node;   //添加节点
++        l->tail = new_node;     //记录尾节点位置
++        l->size ++;       //链表元素总数加1
++
++        return 1;
++    }
++
++    return 0;
++}
++
++/// --------------------------------------------------------------
++//  函数名：list_add_front
++//  功能：  添加链表结点 (前插法)
++//  参数：  l--链表指针，data--链表数据指针，可为任意类型
++//  返回值：int型，为1表示添加成功，为0表示添加失败
++//  备注：  如果链表本身为空或是分配节点内存失败，将返回0
++/// --------------------------------------------------------------
++int list_add_front(List l, void *data)
++{
++    Node new_node = (Node) malloc(sizeof(node));
++
++    if(l != NULL && new_node != NULL)
++    {
++        new_node->data = malloc(l->data_size);
++        memcpy(new_node->data, data, l->data_size);
++        new_node->next = l->head->next;
++
++        l->head->next = new_node;
++        if(!l->size)        //记录尾指针位置
++            l->tail = new_node;
++        l->size ++;
++
++        return 1;
++    }
++
++    return 0;
++}
++
++/// --------------------------------------------------------------
++//  函数名：list_delete_node
++//  功能：删除链表结点
++//  参数：l--链表指针，data--链表数据指针，可为任意类型
++//        *pfunc为指向一个数据类型比较的函数指针
++//  返回值：int型，为1表示删除成功，为0表示没有找到匹配数据
++//  备注：*pfunc函数接口参数ndata为节点数据，data为比较数据，返回为真表示匹配数据
++/// --------------------------------------------------------------
++int  list_delete_node(List l, void *data, int (*pfunc)(void *ndata, void *data))
++{
++    if(l != NULL)
++    {
++        Node prev = l->head;      //前一个节点
++        Node curr = l->head->next;     //当前节点
++
++        while(curr != NULL)
++        {
++            if(pfunc(curr->data, data))    //如果找到匹配数据
++            {
++                if(curr == l->tail)     //如果是删除尾节点
++                 l->tail = prev;
++
++                prev->next = prev->next->next;  //修改前节点next指针指向下下个节点
++
++                free(curr->data);     //释放节点数据
++                free(curr);       //释放节点
++
++                l->size--;       //链表元素总数减1
++                return 1;       //返回真值
++            }
++            prev = prev->next;      //没有找到匹配时移动前节点和当前节点
++            curr = curr->next;
++        }
++    }
++
++ return 0;         //没有找到匹配数据
++}
++
++/// --------------------------------------------------------------
++//  函数名：list_delete_at
++//  功能：  修改链表节点元素值
++//  参数：  l--链表指针，index--索引值, 范围(0 -- size-1)
++//  返回值：int型，为1表示删除成功，为0表示删除失败
++//  备注：  如果链表本身为空或是index为非法值，将返回0
++/// --------------------------------------------------------------
++int list_delete_at(List l, unsigned int index)
++{
++    unsigned int cindex = 0;
++
++    if(l != NULL && index >= 0 && index < l->size)
++    {
++        Node prev = l->head;      //前一个节点
++        Node curr = l->head->next;     //当前节点
++
++        while(cindex != index)
++        {
++            prev = prev->next;
++            curr = curr->next;
++            cindex ++;
++        }
++
++        if(index == (l->size) - 1)
++            l->tail = prev;
++
++        prev->next = prev->next->next;
++        free(curr->data);
++        free(curr);
++        l->size --;
++
++        return 1;
++    }
++
++    return 0;
++}
++
++/// --------------------------------------------------------------
++//  函数名：list_modify_at
++//  功能：  修改链表节点元素值
++//  参数：  l--链表指针，index--索引值, 范围(0 -- size-1)
++//   data--链表数据指针
++//  返回值：int型，为1表示修改成功，为0表示修改失败
++//  备注：  如果链表本身为空或是index为非法值，将返回0
++/// --------------------------------------------------------------
++int list_modify_at(List l, unsigned int index, void *new_data)
++{
++    unsigned int cindex = 0;
++
++    if(l != NULL && index >= 0 && index < l->size )  //非空链表，并且index值合法
++    {
++        Node curr = l->head->next;
++        while(cindex != index)
++        {
++            curr = curr->next;
++            cindex ++;
++        }
++        memcpy(curr->data, new_data, l->data_size);
++        return 1;
++    }
++
++    return 0;
++}
++
++/// --------------------------------------------------------------
++//  函数名：list_sort
++//  功能：  链表排序
++//  参数：  l--链表指针，*pfunc为指向一个数据类型比较的函数指针
++//  返回值：无
++//  备注：  使用简单选择排序法，相比冒泡法每次交换，效率高一点
++/// --------------------------------------------------------------
++void list_sort(List l, compare pfunc)
++{
++    if(l != NULL)
++    {
++        Node min, icurr, jcurr;
++
++        icurr = l->head->next;
++        while(icurr)
++        {
++            min = icurr;        //记录最小值
++            jcurr = icurr->next;      //内循环指向下一个节点
++            while(jcurr)
++            {
++                if(pfunc(min->data, jcurr->data))  //如果找到n+1到最后一个元素最小值
++                    min = jcurr;      //记录下最小值的位置
++
++                jcurr = jcurr->next;
++            }
++
++            if(min != icurr)       //当最小值位置和n+1元素位置不相同时
++            {
++                swap_data(min, icurr);     //才进行交换，减少交换次数
++            }
++
++            icurr = icurr->next;
++        }
++    }
++}
++
++void swap_data(Node n1, Node n2)
++{
++    void *temp;
++
++    temp = n2->data;
++    n2->data = n1->data;
++    n1->data = temp;
++}
++
++
++int list_have_same(List l, void *data, int (*pfunc)(void *ndata, void *data))
++{
++    if(l != NULL)
++    {
++        Node curr;
++
++        for(curr = l->head->next; curr != NULL; curr = curr->next)
++        {
++            if(pfunc(curr->data, data))
++            {
++                return 1;
++            }
++        }
++    }
++
++    return 0;
++}
++
++int list_have_same_cmp(List l, void *data)
++{
++    if(l != NULL)
++    {
++        Node curr;
++
++        for(curr = l->head->next; curr != NULL; curr = curr->next)
++        {
++            if(memcmp(curr->data, data, l->data_size))
++            {
++                return 1;
++            }
++        }
++    }
++
++    return 0;
++}
++
++/// --------------------------------------------------------------
++//  函数名：list_foreach
++//  功能：  遍历链表元素
++//  参数：  l--链表指针，doit为指向一个处理数据的函数指针
++//  返回值：无
++//  备注：  doit申明为void (*dofunc)(void *ndata)原型
++/// --------------------------------------------------------------
++void list_foreach(List l, dofunc doit)
++{
++    if(l != NULL)
++    {
++        Node curr;
++
++        for(curr = l->head->next; curr != NULL; curr = curr->next)
++        {
++            doit(curr->data);
++        }
++    }
++}
++
++/// --------------------------------------------------------------
++//  函数名：list_clear
++//  功能：  清空链表元素
++//  参数：  l--链表指针
++//  返回值：无
++// 备注： 没有使用先Destroy再Init链表的办法，直接实现
++/// --------------------------------------------------------------
++void list_clear(List l)
++{
++    if(l != NULL)
++    {
++        Node temp;
++        Node curr = l->head->next;
++
++        while(curr != NULL)
++        {
++            temp = curr->next;
++
++            free(curr->data);    //释放节点和数据
++            free(curr);
++
++            curr = temp;
++        }
++
++        l->size = 0;      //重置链表数据
++        l->head->next = NULL;
++        l->tail = l->head;
++    }
++}
++
++/// --------------------------------------------------------------
++//  函数名：list_destroy
++//  功能：  释放链表
++//  参数：  l--链表指针
++//  返回值：空链表指针
++/// --------------------------------------------------------------
++List list_destroy(List l)
++{
++    if(l != NULL)
++    {
++        Node temp;
++
++        while(l->head)
++        {
++            temp = l->head->next;
++
++            if(l->head->data != NULL)   //如果是头节点就不释放数据空间
++            free(l->head->data);   //先释放节点数据(但是节点数据里也有指针？)
++            free(l->head);      //再释放节点
++
++            l->head = temp;
++        }
++
++        free(l);        //释放链表本身占用空间
++        l = NULL;
++    }
++
++    return l;
++}
+diff --git a/server/list.h b/server/list.h
+new file mode 100644
+index 0000000..ab49720
+--- /dev/null
++++ b/server/list.h
+@@ -0,0 +1,61 @@
++#ifndef LIST_H_H
++#define LIST_H_H
++
++#include <stdio.h>
++#include <malloc.h>
++#include <string.h>
++
++typedef struct clist *List;
++
++typedef int (*compare)(void *ndata, void *data);
++typedef void (*dofunc)(void *ndata);
++
++typedef int (*lpf0)(List l, void *data);
++typedef int (*lpf1)(List l, void *data, compare pfunc);
++typedef List (*lpf2)(List l);
++typedef void (*lpf3)(List l);
++typedef void (*lpf4)(List l, dofunc pfunc);
++typedef int (*lpf5)(List l, unsigned int index, void *new_data);
++typedef void (*lpf6)(List l, compare pfunc);
++typedef int (*lpf7)(List l, unsigned int index);
++
++typedef struct cnode
++{
++    void *data;
++    struct cnode *next;
++}node, *Node;
++
++typedef struct clist
++{
++    Node head;
++    Node tail;
++    unsigned int size;
++    unsigned int data_size;
++    lpf0 add_back;
++    lpf0 add_front;
++    lpf1 delete_node;
++    lpf1 have_same;
++    lpf0 have_same_cmp;
++    lpf4 foreach;
++    lpf3 clear;
++    lpf2 destroy;
++    lpf5 modify_at;
++    lpf6 sort;
++    lpf7 delete_at;
++}list;
++
++//初始化链表
++List list_init(unsigned int data_size);
++int  list_add_back(List l, void *data);
++int  list_add_front(List l, void *data);
++int  list_delete_node(List l, void *data, compare pfunc);
++int  list_delete_at(List l, unsigned int index);
++int  list_modify_at(List l, unsigned int index, void *new_data);
++int  list_have_same(List l, void *data, compare pfunc);
++int  list_have_same_cmp(List l, void *data);
++void list_foreach(List l, dofunc doit);
++void list_sort(List l, compare pfunc);
++void list_clear(List l);
++//释放链表
++List list_destroy(List l);
++#endif
+diff --git a/server/netutils.c b/server/netutils.c
+new file mode 100644
+index 0000000..3a32b4d
+--- /dev/null
++++ b/server/netutils.c
+@@ -0,0 +1,297 @@
++/*
++ * netutils.c - Network utilities
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#include <math.h>
++
++#include <libcork/core.h>
++#include <udns.h>
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#ifdef __MINGW32__
++#include "win32.h"
++#define sleep(n) Sleep(1000 * (n))
++#else
++#include <sys/socket.h>
++#include <netdb.h>
++#include <netinet/in.h>
++#include <unistd.h>
++#endif
++
++#if defined(HAVE_SYS_IOCTL_H) && defined(HAVE_NET_IF_H) && defined(__linux__)
++#include <net/if.h>
++#include <sys/ioctl.h>
++#define SET_INTERFACE
++#endif
++
++#include "netutils.h"
++#include "utils.h"
++
++#ifndef SO_REUSEPORT
++#define SO_REUSEPORT 15
++#endif
++
++extern int verbose;
++
++static const char valid_label_bytes[] =
++    "-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz";
++
++#if defined(MODULE_LOCAL)
++extern int keep_resolving;
++#endif
++
++int
++set_reuseport(int socket)
++{
++    int opt = 1;
++    return setsockopt(socket, SOL_SOCKET, SO_REUSEPORT, &opt, sizeof(opt));
++}
++
++size_t
++get_sockaddr_len(struct sockaddr *addr)
++{
++    if (addr->sa_family == AF_INET) {
++        return sizeof(struct sockaddr_in);
++    } else if (addr->sa_family == AF_INET6) {
++        return sizeof(struct sockaddr_in6);
++    }
++    return 0;
++}
++
++#ifdef SET_INTERFACE
++int
++setinterface(int socket_fd, const char *interface_name)
++{
++    struct ifreq interface;
++    memset(&interface, 0, sizeof(struct ifreq));
++    strncpy(interface.ifr_name, interface_name, IFNAMSIZ);
++    int res = setsockopt(socket_fd, SOL_SOCKET, SO_BINDTODEVICE, &interface,
++                         sizeof(struct ifreq));
++    return res;
++}
++
++#endif
++
++int
++bind_to_address(int socket_fd, const char *host)
++{
++    if (host != NULL) {
++        struct cork_ip ip;
++        struct sockaddr_storage storage;
++        memset(&storage, 0, sizeof(struct sockaddr_storage));
++        if (cork_ip_init(&ip, host) != -1) {
++            if (ip.version == 4) {
++                struct sockaddr_in *addr = (struct sockaddr_in *)&storage;
++                dns_pton(AF_INET, host, &addr->sin_addr);
++                addr->sin_family = AF_INET;
++                return bind(socket_fd, (struct sockaddr *)addr, sizeof(struct sockaddr_in));
++            } else if (ip.version == 6) {
++                struct sockaddr_in6 *addr = (struct sockaddr_in6 *)&storage;
++                dns_pton(AF_INET6, host, &addr->sin6_addr);
++                addr->sin6_family = AF_INET6;
++                return bind(socket_fd, (struct sockaddr *)addr, sizeof(struct sockaddr_in6));
++            }
++        }
++    }
++    return -1;
++}
++
++ssize_t
++get_sockaddr(char *host, char *port,
++             struct sockaddr_storage *storage, int block,
++             int ipv6first)
++{
++    struct cork_ip ip;
++    if (cork_ip_init(&ip, host) != -1) {
++        if (ip.version == 4) {
++            struct sockaddr_in *addr = (struct sockaddr_in *)storage;
++            addr->sin_family = AF_INET;
++            dns_pton(AF_INET, host, &(addr->sin_addr));
++            if (port != NULL) {
++                addr->sin_port = htons(atoi(port));
++            }
++        } else if (ip.version == 6) {
++            struct sockaddr_in6 *addr = (struct sockaddr_in6 *)storage;
++            addr->sin6_family = AF_INET6;
++            dns_pton(AF_INET6, host, &(addr->sin6_addr));
++            if (port != NULL) {
++                addr->sin6_port = htons(atoi(port));
++            }
++        }
++        return 0;
++    } else {
++        struct addrinfo hints;
++        struct addrinfo *result, *rp;
++
++        memset(&hints, 0, sizeof(struct addrinfo));
++        hints.ai_family   = AF_UNSPEC;   /* Return IPv4 and IPv6 choices */
++        hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */
++
++        int err, i;
++
++        for (i = 1; i < 8; i++) {
++            err = getaddrinfo(host, port, &hints, &result);
++#if defined(MODULE_LOCAL)
++            if (!keep_resolving)
++                break;
++#endif
++            if ((!block || !err)) {
++                break;
++            } else {
++                sleep(pow(2, i));
++                LOGE("failed to resolve server name, wait %.0f seconds", pow(2, i));
++            }
++        }
++
++        if (err != 0) {
++            LOGE("getaddrinfo: %s", gai_strerror(err));
++            return -1;
++        }
++
++        int prefer_af = ipv6first ? AF_INET6 : AF_INET;
++        for (rp = result; rp != NULL; rp = rp->ai_next)
++            if (rp->ai_family == prefer_af) {
++                if (rp->ai_family == AF_INET)
++                    memcpy(storage, rp->ai_addr, sizeof(struct sockaddr_in));
++                else if (rp->ai_family == AF_INET6)
++                    memcpy(storage, rp->ai_addr, sizeof(struct sockaddr_in6));
++                break;
++            }
++
++        if (rp == NULL) {
++            for (rp = result; rp != NULL; rp = rp->ai_next) {
++                if (rp->ai_family == AF_INET)
++                    memcpy(storage, rp->ai_addr, sizeof(struct sockaddr_in));
++                else if (rp->ai_family == AF_INET6)
++                    memcpy(storage, rp->ai_addr, sizeof(struct sockaddr_in6));
++                break;
++            }
++        }
++
++        if (rp == NULL) {
++            LOGE("failed to resolve remote addr");
++            return -1;
++        }
++
++        freeaddrinfo(result);
++        return 0;
++    }
++
++    return -1;
++}
++
++int
++sockaddr_cmp(struct sockaddr_storage *addr1,
++             struct sockaddr_storage *addr2, socklen_t len)
++{
++    struct sockaddr_in *p1_in   = (struct sockaddr_in *)addr1;
++    struct sockaddr_in *p2_in   = (struct sockaddr_in *)addr2;
++    struct sockaddr_in6 *p1_in6 = (struct sockaddr_in6 *)addr1;
++    struct sockaddr_in6 *p2_in6 = (struct sockaddr_in6 *)addr2;
++    if (p1_in->sin_family < p2_in->sin_family)
++        return -1;
++    if (p1_in->sin_family > p2_in->sin_family)
++        return 1;
++    /* compare ip4 */
++    if (p1_in->sin_family == AF_INET) {
++        /* just order it, ntohs not required */
++        if (p1_in->sin_port < p2_in->sin_port)
++            return -1;
++        if (p1_in->sin_port > p2_in->sin_port)
++            return 1;
++        return memcmp(&p1_in->sin_addr, &p2_in->sin_addr, INET_SIZE);
++    } else if (p1_in6->sin6_family == AF_INET6) {
++        /* just order it, ntohs not required */
++        if (p1_in6->sin6_port < p2_in6->sin6_port)
++            return -1;
++        if (p1_in6->sin6_port > p2_in6->sin6_port)
++            return 1;
++        return memcmp(&p1_in6->sin6_addr, &p2_in6->sin6_addr,
++                      INET6_SIZE);
++    } else {
++        /* eek unknown type, perform this comparison for sanity. */
++        return memcmp(addr1, addr2, len);
++    }
++}
++
++int
++sockaddr_cmp_addr(struct sockaddr_storage *addr1,
++                  struct sockaddr_storage *addr2, socklen_t len)
++{
++    struct sockaddr_in *p1_in   = (struct sockaddr_in *)addr1;
++    struct sockaddr_in *p2_in   = (struct sockaddr_in *)addr2;
++    struct sockaddr_in6 *p1_in6 = (struct sockaddr_in6 *)addr1;
++    struct sockaddr_in6 *p2_in6 = (struct sockaddr_in6 *)addr2;
++    if (p1_in->sin_family < p2_in->sin_family)
++        return -1;
++    if (p1_in->sin_family > p2_in->sin_family)
++        return 1;
++    /* compare ip4 */
++    if (p1_in->sin_family == AF_INET) {
++        return memcmp(&p1_in->sin_addr, &p2_in->sin_addr, INET_SIZE);
++    } else if (p1_in6->sin6_family == AF_INET6) {
++        return memcmp(&p1_in6->sin6_addr, &p2_in6->sin6_addr,
++                      INET6_SIZE);
++    } else {
++        /* eek unknown type, perform this comparison for sanity. */
++        return memcmp(addr1, addr2, len);
++    }
++}
++
++int
++validate_hostname(const char *hostname, const int hostname_len)
++{
++    if (hostname == NULL)
++        return 0;
++
++    if (hostname_len < 1 || hostname_len > 255)
++        return 0;
++
++    if (hostname[0] == '.')
++        return 0;
++
++    const char *label = hostname;
++    while (label < hostname + hostname_len) {
++        size_t label_len = hostname_len - (label - hostname);
++        char *next_dot   = strchr(label, '.');
++        if (next_dot != NULL)
++            label_len = next_dot - label;
++
++        if (label + label_len > hostname + hostname_len)
++            return 0;
++
++        if (label_len > 63 || label_len < 1)
++            return 0;
++
++        if (label[0] == '-' || label[label_len - 1] == '-')
++            return 0;
++
++        if (strspn(label, valid_label_bytes) < label_len)
++            return 0;
++
++        label += label_len + 1;
++    }
++
++    return 1;
++}
+diff --git a/server/netutils.h b/server/netutils.h
+new file mode 100644
+index 0000000..0725592
+--- /dev/null
++++ b/server/netutils.h
+@@ -0,0 +1,98 @@
++/*
++ * netutils.h - Network utilities
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#ifndef _NETUTILS_H
++#define _NETUTILS_H
++
++#if defined(__linux__)
++#include <netdb.h>
++#elif !defined(__MINGW32__)
++#include <netinet/tcp.h>
++#endif
++
++// only enable TCP_FASTOPEN on linux
++#if defined(__linux__)
++#include <linux/tcp.h>
++/*  conditional define for TCP_FASTOPEN */
++#ifndef TCP_FASTOPEN
++#define TCP_FASTOPEN   23
++#endif
++/*  conditional define for MSG_FASTOPEN */
++#ifndef MSG_FASTOPEN
++#define MSG_FASTOPEN   0x20000000
++#endif
++#elif !defined(__APPLE__)
++#ifdef TCP_FASTOPEN
++#undef TCP_FASTOPEN
++#endif
++#endif
++
++/* Backward compatibility for MPTCP_ENABLED between kernel 3 & 4 */
++#ifndef MPTCP_ENABLED
++#ifdef TCP_CC_INFO
++#define MPTCP_ENABLED 42
++#else
++#define MPTCP_ENABLED 26
++#endif
++#endif
++
++/** byte size of ip4 address */
++#define INET_SIZE 4
++/** byte size of ip6 address */
++#define INET6_SIZE 16
++
++size_t get_sockaddr_len(struct sockaddr *addr);
++ssize_t get_sockaddr(char *host, char *port,
++                     struct sockaddr_storage *storage, int block,
++                     int ipv6first);
++int set_reuseport(int socket);
++
++#ifdef SET_INTERFACE
++int setinterface(int socket_fd, const char *interface_name);
++#endif
++
++int bind_to_address(int socket_fd, const char *address);
++
++/**
++ * Compare two sockaddrs. Imposes an ordering on the addresses.
++ * Compares address and port.
++ * @param addr1: address 1.
++ * @param addr2: address 2.
++ * @param len: lengths of addr.
++ * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
++ */
++int sockaddr_cmp(struct sockaddr_storage *addr1,
++                 struct sockaddr_storage *addr2, socklen_t len);
++
++/**
++ * Compare two sockaddrs. Compares address, not the port.
++ * @param addr1: address 1.
++ * @param addr2: address 2.
++ * @param len: lengths of addr.
++ * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
++ */
++int sockaddr_cmp_addr(struct sockaddr_storage *addr1,
++                      struct sockaddr_storage *addr2, socklen_t len);
++
++int validate_hostname(const char *hostname, const int hostname_len);
++
++#endif
+diff --git a/server/obfs.c b/server/obfs.c
+new file mode 100644
+index 0000000..5c885bf
+--- /dev/null
++++ b/server/obfs.c
+@@ -0,0 +1,205 @@
++#include <string.h>
++#include <stdlib.h>
++
++#include "utils.h"
++#include "obfs.h"
++
++int rand_bytes(uint8_t *output, int len);
++#define OBFS_HMAC_SHA1_LEN 10
++
++#include "obfsutil.c"
++#include "crc32.c"
++#include "base64.c"
++#include "http_simple.c"
++#include "tls1.2_ticket.c"
++#include "verify.c"
++#include "auth.c"
++
++void * init_data() {
++    return malloc(1);
++}
++
++obfs * new_obfs() {
++    obfs * self = (obfs*)malloc(sizeof(obfs));
++    self->l_data = NULL;
++    return self;
++}
++
++void set_server_info(obfs *self, server_info *server) {
++    memmove(&self->server, server, sizeof(server_info));
++}
++
++void get_server_info(obfs *self, server_info *server) {
++    memmove(server, &self->server, sizeof(server_info));
++}
++
++void dispose_obfs(obfs *self) {
++    free(self);
++}
++
++obfs_class * new_obfs_class(char *plugin_name)
++{
++    if (plugin_name == NULL)
++        return NULL;
++    if (strcmp(plugin_name, "origin") == 0)
++        return NULL;
++    if (strcmp(plugin_name, "plain") == 0)
++        return NULL;
++    init_crc32_table();
++    init_shift128plus();
++    if (strcmp(plugin_name, "http_simple") == 0) {
++        obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs));
++        plugin->init_data = init_data;
++        plugin->new_obfs = http_simple_new_obfs;
++        plugin->get_server_info = get_server_info;
++        plugin->set_server_info = set_server_info;
++        plugin->dispose = http_simple_dispose;
++
++        plugin->client_encode = http_simple_client_encode;
++        plugin->client_decode = http_simple_client_decode;
++
++        plugin->server_encode = http_simple_server_encode;
++        plugin->server_decode = http_simple_server_decode;
++
++        return plugin;
++    } else if (strcmp(plugin_name, "http_post") == 0) {
++        obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs));
++        plugin->init_data = init_data;
++        plugin->new_obfs = http_simple_new_obfs;
++        plugin->get_server_info = get_server_info;
++        plugin->set_server_info = set_server_info;
++        plugin->dispose = http_simple_dispose;
++
++        plugin->client_encode = http_post_client_encode;
++        plugin->client_decode = http_simple_client_decode;
++
++        plugin->server_encode = http_simple_server_encode;
++        plugin->server_decode = http_simple_server_decode;
++
++        return plugin;
++    } else if (strcmp(plugin_name, "tls1.2_ticket_auth") == 0) {
++        obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs));
++        plugin->init_data = tls12_ticket_auth_init_data;
++        plugin->new_obfs = tls12_ticket_auth_new_obfs;
++        plugin->get_server_info = get_server_info;
++        plugin->set_server_info = set_server_info;
++        plugin->dispose = tls12_ticket_auth_dispose;
++
++        plugin->client_encode = tls12_ticket_auth_client_encode;
++        plugin->client_decode = tls12_ticket_auth_client_decode;
++
++        plugin->server_encode = tls12_ticket_auth_server_encode;
++        plugin->server_decode = tls12_ticket_auth_server_decode;
++
++        return plugin;
++    } else if (strcmp(plugin_name, "verify_simple") == 0) {
++        obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs));
++        plugin->init_data = init_data;
++        plugin->new_obfs = verify_simple_new_obfs;
++        plugin->get_server_info = get_server_info;
++        plugin->set_server_info = set_server_info;
++        plugin->dispose = verify_simple_dispose;
++
++        plugin->client_pre_encrypt = verify_simple_client_pre_encrypt;
++        plugin->client_post_decrypt = verify_simple_client_post_decrypt;
++        plugin->client_udp_pre_encrypt = NULL;
++        plugin->client_udp_post_decrypt = NULL;
++
++        plugin->server_pre_encrypt = verify_simple_server_pre_encrypt;
++        plugin->server_post_decrypt = verify_simple_server_post_decrypt;
++        plugin->server_udp_pre_encrypt = NULL;
++        plugin->server_udp_post_decrypt = NULL;
++
++        return plugin;
++    } else if (strcmp(plugin_name, "auth_simple") == 0) {
++        obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs));
++        plugin->init_data = auth_simple_init_data;
++        plugin->new_obfs = auth_simple_new_obfs;
++        plugin->get_server_info = get_server_info;
++        plugin->set_server_info = set_server_info;
++        plugin->dispose = auth_simple_dispose;
++
++        plugin->client_pre_encrypt = auth_simple_client_pre_encrypt;
++        plugin->client_post_decrypt = auth_simple_client_post_decrypt;
++        plugin->client_udp_pre_encrypt = NULL;
++        plugin->client_udp_post_decrypt = NULL;
++
++        return plugin;
++    } else if (strcmp(plugin_name, "auth_sha1") == 0) {
++        obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs));
++        plugin->init_data = auth_simple_init_data;
++        plugin->new_obfs = auth_simple_new_obfs;
++        plugin->get_server_info = get_server_info;
++        plugin->set_server_info = set_server_info;
++        plugin->dispose = auth_simple_dispose;
++
++        plugin->client_pre_encrypt = auth_sha1_client_pre_encrypt;
++        plugin->client_post_decrypt = auth_sha1_client_post_decrypt;
++        plugin->client_udp_pre_encrypt = NULL;
++        plugin->client_udp_post_decrypt = NULL;
++
++        return plugin;
++    } else if (strcmp(plugin_name, "auth_sha1_v2") == 0) {
++        obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs));
++        plugin->init_data = auth_simple_init_data;
++        plugin->new_obfs = auth_simple_new_obfs;
++        plugin->get_server_info = get_server_info;
++        plugin->set_server_info = set_server_info;
++        plugin->dispose = auth_simple_dispose;
++
++        plugin->client_pre_encrypt = auth_sha1_v2_client_pre_encrypt;
++        plugin->client_post_decrypt = auth_sha1_v2_client_post_decrypt;
++        plugin->client_udp_pre_encrypt = NULL;
++        plugin->client_udp_post_decrypt = NULL;
++
++        return plugin;
++    } else if (strcmp(plugin_name, "auth_sha1_v4") == 0) {
++        obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs));
++        plugin->init_data = auth_simple_init_data;
++        plugin->new_obfs = auth_simple_new_obfs;
++        plugin->get_server_info = get_server_info;
++        plugin->set_server_info = set_server_info;
++        plugin->dispose = auth_simple_dispose;
++
++        plugin->client_pre_encrypt = auth_sha1_v4_client_pre_encrypt;
++        plugin->client_post_decrypt = auth_sha1_v4_client_post_decrypt;
++        plugin->client_udp_pre_encrypt = NULL;
++        plugin->client_udp_post_decrypt = NULL;
++
++        return plugin;
++    } else if (strcmp(plugin_name, "auth_aes128_md5") == 0) {
++        obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs));
++        plugin->init_data = auth_simple_init_data;
++        plugin->new_obfs = auth_aes128_md5_new_obfs;
++        plugin->get_server_info = get_server_info;
++        plugin->set_server_info = set_server_info;
++        plugin->dispose = auth_simple_dispose;
++
++        plugin->client_pre_encrypt = auth_aes128_sha1_client_pre_encrypt;
++        plugin->client_post_decrypt = auth_aes128_sha1_client_post_decrypt;
++        plugin->client_udp_pre_encrypt = auth_aes128_sha1_client_udp_pre_encrypt;
++        plugin->client_udp_post_decrypt = auth_aes128_sha1_client_udp_post_decrypt;
++
++        return plugin;
++    } else if (strcmp(plugin_name, "auth_aes128_sha1") == 0) {
++        obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs));
++        plugin->init_data = auth_simple_init_data;
++        plugin->new_obfs = auth_aes128_sha1_new_obfs;
++        plugin->get_server_info = get_server_info;
++        plugin->set_server_info = set_server_info;
++        plugin->dispose = auth_simple_dispose;
++
++        plugin->client_pre_encrypt = auth_aes128_sha1_client_pre_encrypt;
++        plugin->client_post_decrypt = auth_aes128_sha1_client_post_decrypt;
++        plugin->client_udp_pre_encrypt = auth_aes128_sha1_client_udp_pre_encrypt;
++        plugin->client_udp_post_decrypt = auth_aes128_sha1_client_udp_post_decrypt;
++
++        return plugin;
++    }
++    LOGE("Load obfs '%s' failed", plugin_name);
++    return NULL;
++}
++
++void free_obfs_class(obfs_class *plugin) {
++    free(plugin);
++}
+diff --git a/server/obfs.h b/server/obfs.h
+new file mode 100644
+index 0000000..74c60c9
+--- /dev/null
++++ b/server/obfs.h
+@@ -0,0 +1,100 @@
++/*
++ * obfs.h - Define shadowsocksR server's buffers and callbacks
++ *
++ * Copyright (C) 2015 - 2016, Break Wa11 <mmgac001@gmail.com>
++ */
++
++#ifndef _OBFS_H
++#define _OBFS_H
++
++#include <stdint.h>
++#include <unistd.h>
++
++typedef struct server_info {
++    char host[64];
++    uint16_t port;
++    char *param;
++    void *g_data;
++    uint8_t *iv;
++    size_t iv_len;
++    uint8_t *recv_iv;
++    size_t recv_iv_len;
++    uint8_t *key;
++    size_t key_len;
++    int head_len;
++    size_t tcp_mss;
++}server_info;
++
++typedef struct obfs {
++    server_info server;
++    void *l_data;
++}obfs;
++
++typedef struct obfs_class {
++    void * (*init_data)();
++    obfs * (*new_obfs)();
++    void (*get_server_info)(obfs *self, server_info *server);
++    void (*set_server_info)(obfs *self, server_info *server);
++    void (*dispose)(obfs *self);
++
++    int (*client_pre_encrypt)(obfs *self,
++            char **pplaindata,
++            int datalength,
++            size_t* capacity);
++    int (*client_encode)(obfs *self,
++            char **pencryptdata,
++            int datalength,
++            size_t* capacity);
++    int (*client_decode)(obfs *self,
++            char **pencryptdata,
++            int datalength,
++            size_t* capacity,
++            int *needsendback);
++    int (*client_post_decrypt)(obfs *self,
++            char **pplaindata,
++            int datalength,
++            size_t* capacity);
++    int (*client_udp_pre_encrypt)(obfs *self,
++            char **pplaindata,
++            int datalength,
++            size_t* capacity);
++    int (*client_udp_post_decrypt)(obfs *self,
++            char **pplaindata,
++            int datalength,
++            size_t* capacity);
++    int (*server_pre_encrypt)(obfs *self,
++            char **pplaindata,
++            int datalength,
++            size_t* capacity);
++    int (*server_post_decrypt)(obfs *self,
++            char **pplaindata,
++            int datalength,
++            size_t* capacity);
++    int (*server_udp_pre_encrypt)(obfs *self,
++            char **pplaindata,
++            int datalength,
++            size_t* capacity);
++    int (*server_udp_post_decrypt)(obfs *self,
++            char **pplaindata,
++            int datalength,
++            size_t* capacity);
++    int (*server_encode)(obfs *self,
++            char **pencryptdata,
++            int datalength,
++            size_t* capacity);
++    int (*server_decode)(obfs *self,
++            char **pencryptdata,
++            int datalength,
++            size_t* capacity,
++            int *needsendback);
++}obfs_class;
++
++obfs_class * new_obfs_class(char *plugin_name);
++void free_obfs_class(obfs_class *plugin);
++
++void set_server_info(obfs *self, server_info *server);
++void get_server_info(obfs *self, server_info *server);
++obfs * new_obfs();
++void dispose_obfs(obfs *self);
++
++#endif // _OBFS_H
+diff --git a/server/obfsutil.c b/server/obfsutil.c
+new file mode 100644
+index 0000000..d00959b
+--- /dev/null
++++ b/server/obfsutil.c
+@@ -0,0 +1,36 @@
++int get_head_size(char *plaindata, int size, int def_size) {
++    if (plaindata == NULL || size < 2)
++        return def_size;
++    int head_type = plaindata[0] & 0x7;
++    if (head_type == 1)
++        return 7;
++    if (head_type == 4)
++        return 19;
++    if (head_type == 3)
++        return 4 + plaindata[1];
++    return def_size;
++}
++
++static int shift128plus_init_flag = 0;
++static uint64_t shift128plus_s[2] = {0x10000000, 0xFFFFFFFF};
++
++void init_shift128plus(void) {
++    if (shift128plus_init_flag == 0) {
++        shift128plus_init_flag = 1;
++        uint32_t seed = time(NULL);
++        shift128plus_s[0] = seed | 0x100000000L;
++        shift128plus_s[1] = ((uint64_t)seed << 32) | 0x1;
++    }
++}
++
++uint64_t xorshift128plus(void) {
++    uint64_t x = shift128plus_s[0];
++    uint64_t const y = shift128plus_s[1];
++    shift128plus_s[0] = y;
++    x ^= x << 23; // a
++    x ^= x >> 17; // b
++    x ^= y ^ (y >> 26); // c
++    shift128plus_s[1] = x;
++    return x + y;
++}
++
+diff --git a/server/protocol.h b/server/protocol.h
+new file mode 100644
+index 0000000..eaa866e
+--- /dev/null
++++ b/server/protocol.h
+@@ -0,0 +1,34 @@
++/*
++ * Copyright (c) 2014, Dustin Lundquist <dustin@null-ptr.net>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright notice,
++ *    this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ */
++#ifndef PROTOCOL_H
++#define PROTOCOL_H
++
++typedef struct protocol {
++    const int default_port;
++    int(*const parse_packet)(const char *, size_t, char **);
++} protocol_t;
++
++#endif
+diff --git a/server/resolv.c b/server/resolv.c
+new file mode 100644
+index 0000000..f580d06
+--- /dev/null
++++ b/server/resolv.c
+@@ -0,0 +1,444 @@
++/*
++ * Copyright (c) 2014, Dustin Lundquist <dustin@null-ptr.net>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright notice,
++ *    this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <fcntl.h>
++#include <ev.h>
++#include <udns.h>
++
++#ifdef __MINGW32__
++#include "win32.h"
++#else
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <errno.h>
++#include <unistd.h>
++#endif
++
++#include "resolv.h"
++#include "utils.h"
++#include "netutils.h"
++
++/*
++ * Implement DNS resolution interface using libudns
++ */
++
++struct ResolvQuery {
++    void (*client_cb)(struct sockaddr *, void *);
++    void (*client_free_cb)(void *);
++    void *client_cb_data;
++    struct dns_query *queries[2];
++    size_t response_count;
++    struct sockaddr **responses;
++    uint16_t port;
++};
++
++extern int verbose;
++
++static struct ev_io resolv_io_watcher;
++static struct ev_timer resolv_timeout_watcher;
++static const int MODE_IPV4_ONLY  = 0;
++static const int MODE_IPV6_ONLY  = 1;
++static const int MODE_IPV4_FIRST = 2;
++static const int MODE_IPV6_FIRST = 3;
++static int resolv_mode           = 0;
++
++static void resolv_sock_cb(struct ev_loop *, struct ev_io *, int);
++static void resolv_timeout_cb(struct ev_loop *, struct ev_timer *, int);
++static void dns_query_v4_cb(struct dns_ctx *, struct dns_rr_a4 *, void *);
++static void dns_query_v6_cb(struct dns_ctx *, struct dns_rr_a6 *, void *);
++static void dns_timer_setup_cb(struct dns_ctx *, int, void *);
++static void process_client_callback(struct ResolvQuery *);
++static inline int all_queries_are_null(struct ResolvQuery *);
++static struct sockaddr *choose_ipv4_first(struct ResolvQuery *);
++static struct sockaddr *choose_ipv6_first(struct ResolvQuery *);
++static struct sockaddr *choose_any(struct ResolvQuery *);
++
++int
++resolv_init(struct ev_loop *loop, char **nameservers, int nameserver_num, int ipv6first)
++{
++    if (ipv6first)
++        resolv_mode = MODE_IPV6_FIRST;
++    else
++        resolv_mode = MODE_IPV4_FIRST;
++
++    struct dns_ctx *ctx = &dns_defctx;
++    if (nameservers == NULL) {
++        /* Nameservers not specified, use system resolver config */
++        dns_init(ctx, 0);
++    } else {
++        dns_reset(ctx);
++
++        for (int i = 0; i < nameserver_num; i++) {
++            char *server = nameservers[i];
++            dns_add_serv(ctx, server);
++        }
++    }
++
++    int sockfd = dns_open(ctx);
++    if (sockfd < 0) {
++        FATAL("Failed to open DNS resolver socket");
++    }
++
++    if (nameserver_num == 1 && nameservers != NULL) {
++        if (strncmp("127.0.0.1", nameservers[0], 9) == 0
++            || strncmp("::1", nameservers[0], 3) == 0) {
++            if (verbose) {
++                LOGI("bind UDP resolver to %s", nameservers[0]);
++            }
++            if (bind_to_address(sockfd, nameservers[0]) == -1)
++                ERROR("bind_to_address");
++        }
++    }
++
++#ifdef __MINGW32__
++    setnonblocking(sockfd);
++#else
++    int flags = fcntl(sockfd, F_GETFL, 0);
++    fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
++#endif
++
++    ev_io_init(&resolv_io_watcher, resolv_sock_cb, sockfd, EV_READ);
++    resolv_io_watcher.data = ctx;
++
++    ev_io_start(loop, &resolv_io_watcher);
++
++    ev_timer_init(&resolv_timeout_watcher, resolv_timeout_cb, 0.0, 0.0);
++    resolv_timeout_watcher.data = ctx;
++
++    dns_set_tmcbck(ctx, dns_timer_setup_cb, loop);
++
++    return sockfd;
++}
++
++void
++resolv_shutdown(struct ev_loop *loop)
++{
++    struct dns_ctx *ctx = (struct dns_ctx *)resolv_io_watcher.data;
++
++    ev_io_stop(loop, &resolv_io_watcher);
++
++    if (ev_is_active(&resolv_timeout_watcher)) {
++        ev_timer_stop(loop, &resolv_timeout_watcher);
++    }
++
++    dns_close(ctx);
++}
++
++struct ResolvQuery *
++resolv_query(const char *hostname, void (*client_cb)(struct sockaddr *, void *),
++             void (*client_free_cb)(void *), void *client_cb_data,
++             uint16_t port)
++{
++    struct dns_ctx *ctx = (struct dns_ctx *)resolv_io_watcher.data;
++
++    /*
++     * Wrap udns's call back in our own
++     */
++    struct ResolvQuery *cb_data = ss_malloc(sizeof(struct ResolvQuery));
++    if (cb_data == NULL) {
++        LOGE("Failed to allocate memory for DNS query callback data.");
++        return NULL;
++    }
++    memset(cb_data, 0, sizeof(struct ResolvQuery));
++
++    cb_data->client_cb      = client_cb;
++    cb_data->client_free_cb = client_free_cb;
++    cb_data->client_cb_data = client_cb_data;
++    memset(cb_data->queries, 0, sizeof(cb_data->queries));
++    cb_data->response_count = 0;
++    cb_data->responses      = NULL;
++    cb_data->port           = port;
++
++    /* Submit A and AAAA queries */
++    if (resolv_mode != MODE_IPV6_ONLY) {
++        cb_data->queries[0] = dns_submit_a4(ctx,
++                                            hostname, 0,
++                                            dns_query_v4_cb, cb_data);
++        if (cb_data->queries[0] == NULL) {
++            LOGE("Failed to submit DNS query: %s",
++                 dns_strerror(dns_status(ctx)));
++        }
++    }
++
++    if (resolv_mode != MODE_IPV4_ONLY) {
++        cb_data->queries[1] = dns_submit_a6(ctx,
++                                            hostname, 0,
++                                            dns_query_v6_cb, cb_data);
++        if (cb_data->queries[1] == NULL) {
++            LOGE("Failed to submit DNS query: %s",
++                 dns_strerror(dns_status(ctx)));
++        }
++    }
++
++    if (all_queries_are_null(cb_data)) {
++        if (cb_data->client_free_cb != NULL) {
++            cb_data->client_free_cb(cb_data->client_cb_data);
++        }
++        ss_free(cb_data);
++    }
++
++    return cb_data;
++}
++
++void
++resolv_cancel(struct ResolvQuery *query_handle)
++{
++    struct ResolvQuery *cb_data = (struct ResolvQuery *)query_handle;
++    struct dns_ctx *ctx         = (struct dns_ctx *)resolv_io_watcher.data;
++
++    for (int i = 0; i < sizeof(cb_data->queries) / sizeof(cb_data->queries[0]);
++         i++)
++        if (cb_data->queries[i] != NULL) {
++            dns_cancel(ctx, cb_data->queries[i]);
++            ss_free(cb_data->queries[i]);
++        }
++
++    if (cb_data->client_free_cb != NULL) {
++        cb_data->client_free_cb(cb_data->client_cb_data);
++    }
++
++    ss_free(cb_data);
++}
++
++/*
++ * DNS UDP socket activity callback
++ */
++static void
++resolv_sock_cb(struct ev_loop *loop, struct ev_io *w, int revents)
++{
++    struct dns_ctx *ctx = (struct dns_ctx *)w->data;
++
++    if (revents & EV_READ) {
++        dns_ioevent(ctx, ev_now(loop));
++    }
++}
++
++/*
++ * Wrapper for client callback we provide to udns
++ */
++static void
++dns_query_v4_cb(struct dns_ctx *ctx, struct dns_rr_a4 *result, void *data)
++{
++    struct ResolvQuery *cb_data = (struct ResolvQuery *)data;
++
++    if (result == NULL) {
++        if (verbose) {
++            LOGI("IPv4 resolv: %s", dns_strerror(dns_status(ctx)));
++        }
++    } else if (result->dnsa4_nrr > 0) {
++        struct sockaddr **new_responses = ss_realloc(cb_data->responses,
++                                                     (cb_data->response_count +
++                                                      result->dnsa4_nrr) *
++                                                     sizeof(struct sockaddr *));
++        if (new_responses == NULL) {
++            LOGE("Failed to allocate memory for additional DNS responses");
++        } else {
++            cb_data->responses = new_responses;
++
++            for (int i = 0; i < result->dnsa4_nrr; i++) {
++                struct sockaddr_in *sa =
++                    (struct sockaddr_in *)ss_malloc(sizeof(struct sockaddr_in));
++                sa->sin_family = AF_INET;
++                sa->sin_port   = cb_data->port;
++                sa->sin_addr   = result->dnsa4_addr[i];
++
++                cb_data->responses[cb_data->response_count] =
++                    (struct sockaddr *)sa;
++                if (cb_data->responses[cb_data->response_count] == NULL) {
++                    LOGE(
++                        "Failed to allocate memory for DNS query result address");
++                } else {
++                    cb_data->response_count++;
++                }
++            }
++        }
++    }
++
++    ss_free(result);
++    cb_data->queries[0] = NULL; /* mark A query as being completed */
++
++    /* Once all queries have completed, call client callback */
++    if (all_queries_are_null(cb_data)) {
++        return process_client_callback(cb_data);
++    }
++}
++
++static void
++dns_query_v6_cb(struct dns_ctx *ctx, struct dns_rr_a6 *result, void *data)
++{
++    struct ResolvQuery *cb_data = (struct ResolvQuery *)data;
++
++    if (result == NULL) {
++        if (verbose) {
++            LOGI("IPv6 resolv: %s", dns_strerror(dns_status(ctx)));
++        }
++    } else if (result->dnsa6_nrr > 0) {
++        struct sockaddr **new_responses = ss_realloc(cb_data->responses,
++                                                     (cb_data->response_count +
++                                                      result->dnsa6_nrr) *
++                                                     sizeof(struct sockaddr *));
++        if (new_responses == NULL) {
++            LOGE("Failed to allocate memory for additional DNS responses");
++        } else {
++            cb_data->responses = new_responses;
++
++            for (int i = 0; i < result->dnsa6_nrr; i++) {
++                struct sockaddr_in6 *sa =
++                    (struct sockaddr_in6 *)ss_malloc(sizeof(struct sockaddr_in6));
++                sa->sin6_family = AF_INET6;
++                sa->sin6_port   = cb_data->port;
++                sa->sin6_addr   = result->dnsa6_addr[i];
++
++                cb_data->responses[cb_data->response_count] =
++                    (struct sockaddr *)sa;
++                if (cb_data->responses[cb_data->response_count] == NULL) {
++                    LOGE(
++                        "Failed to allocate memory for DNS query result address");
++                } else {
++                    cb_data->response_count++;
++                }
++            }
++        }
++    }
++
++    ss_free(result);
++    cb_data->queries[1] = NULL; /* mark AAAA query as being completed */
++
++    /* Once all queries have completed, call client callback */
++    if (all_queries_are_null(cb_data)) {
++        return process_client_callback(cb_data);
++    }
++}
++
++/*
++ * Called once all queries have been completed
++ */
++static void
++process_client_callback(struct ResolvQuery *cb_data)
++{
++    struct sockaddr *best_address = NULL;
++
++    if (resolv_mode == MODE_IPV4_FIRST) {
++        best_address = choose_ipv4_first(cb_data);
++    } else if (resolv_mode == MODE_IPV6_FIRST) {
++        best_address = choose_ipv6_first(cb_data);
++    } else {
++        best_address = choose_any(cb_data);
++    }
++
++    cb_data->client_cb(best_address, cb_data->client_cb_data);
++
++    for (int i = 0; i < cb_data->response_count; i++)
++        ss_free(cb_data->responses[i]);
++
++    ss_free(cb_data->responses);
++    if (cb_data->client_free_cb != NULL) {
++        cb_data->client_free_cb(cb_data->client_cb_data);
++    }
++    ss_free(cb_data);
++}
++
++static struct sockaddr *
++choose_ipv4_first(struct ResolvQuery *cb_data)
++{
++    for (int i = 0; i < cb_data->response_count; i++)
++        if (cb_data->responses[i]->sa_family == AF_INET) {
++            return cb_data->responses[i];
++        }
++
++    return choose_any(cb_data);
++}
++
++static struct sockaddr *
++choose_ipv6_first(struct ResolvQuery *cb_data)
++{
++    for (int i = 0; i < cb_data->response_count; i++)
++        if (cb_data->responses[i]->sa_family == AF_INET6) {
++            return cb_data->responses[i];
++        }
++
++    return choose_any(cb_data);
++}
++
++static struct sockaddr *
++choose_any(struct ResolvQuery *cb_data)
++{
++    if (cb_data->response_count >= 1) {
++        return cb_data->responses[0];
++    }
++
++    return NULL;
++}
++
++/*
++ * DNS timeout callback
++ */
++static void
++resolv_timeout_cb(struct ev_loop *loop, struct ev_timer *w, int revents)
++{
++    struct dns_ctx *ctx = (struct dns_ctx *)w->data;
++
++    if (revents & EV_TIMER) {
++        dns_timeouts(ctx, 30, ev_now(loop));
++    }
++}
++
++/*
++ * Callback to setup DNS timeout callback
++ */
++static void
++dns_timer_setup_cb(struct dns_ctx *ctx, int timeout, void *data)
++{
++    struct ev_loop *loop = (struct ev_loop *)data;
++
++    if (ev_is_active(&resolv_timeout_watcher)) {
++        ev_timer_stop(loop, &resolv_timeout_watcher);
++    }
++
++    if (ctx != NULL && timeout >= 0) {
++        ev_timer_set(&resolv_timeout_watcher, timeout, 0.0);
++        ev_timer_start(loop, &resolv_timeout_watcher);
++    }
++}
++
++static inline int
++all_queries_are_null(struct ResolvQuery *cb_data)
++{
++    int result = 1;
++
++    for (int i = 0; i < sizeof(cb_data->queries) / sizeof(cb_data->queries[0]);
++         i++)
++        result = result && cb_data->queries[i] == NULL;
++
++    return result;
++}
+diff --git a/server/resolv.h b/server/resolv.h
+new file mode 100644
+index 0000000..0552922
+--- /dev/null
++++ b/server/resolv.h
+@@ -0,0 +1,50 @@
++/*
++ * Copyright (c) 2014, Dustin Lundquist <dustin@null-ptr.net>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright notice,
++ *    this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ */
++#ifndef RESOLV_H
++#define RESOLV_H
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <stdint.h>
++
++#ifdef __MINGW32__
++#include "win32.h"
++#else
++#include <sys/socket.h>
++#endif
++
++struct ResolvQuery;
++
++int resolv_init(struct ev_loop *, char **, int, int);
++struct ResolvQuery *resolv_query(const char *, void (*)(struct sockaddr *,
++                                                        void *), void (*)(
++                                     void *), void *, uint16_t);
++void resolv_cancel(struct ResolvQuery *);
++void resolv_shutdown(struct ev_loop *);
++
++#endif
+diff --git a/server/rule.c b/server/rule.c
+new file mode 100644
+index 0000000..8aae04e
+--- /dev/null
++++ b/server/rule.c
+@@ -0,0 +1,137 @@
++/*
++ * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
++ * Copyright (c) 2011 Manuel Kasper <mk@neon1.net>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright notice,
++ *    this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <stdio.h>
++#include <string.h>
++
++#ifdef __MINGW32__
++extern void ss_error(const char *s);
++#endif
++
++#include "rule.h"
++#include "utils.h"
++
++static void free_rule(rule_t *);
++
++rule_t *
++new_rule()
++{
++    rule_t *rule;
++
++    rule = calloc(1, sizeof(rule_t));
++    if (rule == NULL) {
++        ERROR("malloc");
++        return NULL;
++    }
++
++    return rule;
++}
++
++int
++accept_rule_arg(rule_t *rule, const char *arg)
++{
++    if (rule->pattern == NULL) {
++        rule->pattern = strdup(arg);
++        if (rule->pattern == NULL) {
++            ERROR("strdup failed");
++            return -1;
++        }
++    } else {
++        LOGE("Unexpected table rule argument: %s", arg);
++        return -1;
++    }
++
++    return 1;
++}
++
++void
++add_rule(struct cork_dllist *rules, rule_t *rule)
++{
++    cork_dllist_add(rules, &rule->entries);
++}
++
++int
++init_rule(rule_t *rule)
++{
++    if (rule->pattern_re == NULL) {
++        const char *reerr;
++        int reerroffset;
++
++        rule->pattern_re =
++            pcre_compile(rule->pattern, 0, &reerr, &reerroffset, NULL);
++        if (rule->pattern_re == NULL) {
++            LOGE("Regex compilation of \"%s\" failed: %s, offset %d",
++                 rule->pattern, reerr, reerroffset);
++            return 0;
++        }
++    }
++
++    return 1;
++}
++
++rule_t *
++lookup_rule(const struct cork_dllist *rules, const char *name, size_t name_len)
++{
++    struct cork_dllist_item *curr, *next;
++
++    if (name == NULL) {
++        name     = "";
++        name_len = 0;
++    }
++
++    cork_dllist_foreach_void(rules, curr, next) {
++        rule_t *rule = cork_container_of(curr, rule_t, entries);
++        if (pcre_exec(rule->pattern_re, NULL,
++                      name, name_len, 0, 0, NULL, 0) >= 0)
++            return rule;
++    }
++
++    return NULL;
++}
++
++void
++remove_rule(rule_t *rule)
++{
++    cork_dllist_remove(&rule->entries);
++    free_rule(rule);
++}
++
++static void
++free_rule(rule_t *rule)
++{
++    if (rule == NULL)
++        return;
++
++    ss_free(rule->pattern);
++    if (rule->pattern_re != NULL)
++        pcre_free(rule->pattern_re);
++    ss_free(rule);
++}
+diff --git a/server/rule.h b/server/rule.h
+new file mode 100644
+index 0000000..015bc42
+--- /dev/null
++++ b/server/rule.h
+@@ -0,0 +1,58 @@
++/*
++ * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
++ * Copyright (c) 2011 Manuel Kasper <mk@neon1.net>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright notice,
++ *    this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ */
++#ifndef RULE_H
++#define RULE_H
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <libcork/ds.h>
++
++#ifdef HAVE_PCRE_H
++#include <pcre.h>
++#elif HAVE_PCRE_PCRE_H
++#include <pcre/pcre.h>
++#endif
++
++typedef struct rule {
++    char *pattern;
++
++    /* Runtime fields */
++    pcre *pattern_re;
++
++    struct cork_dllist_item entries;
++} rule_t;
++
++void add_rule(struct cork_dllist *, rule_t *);
++int init_rule(rule_t *);
++rule_t *lookup_rule(const struct cork_dllist *, const char *, size_t);
++void remove_rule(rule_t *);
++rule_t *new_rule();
++int accept_rule_arg(rule_t *, const char *);
++
++#endif
+diff --git a/server/server.c b/server/server.c
+new file mode 100644
+index 0000000..65b0e42
+--- /dev/null
++++ b/server/server.c
+@@ -0,0 +1,2209 @@
++/*
++ * server.c - Provide shadowsocks service
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <fcntl.h>
++#include <locale.h>
++#include <signal.h>
++#include <string.h>
++#include <strings.h>
++#include <time.h>
++#include <unistd.h>
++#include <getopt.h>
++#include <math.h>
++
++#ifndef __MINGW32__
++#include <netdb.h>
++#include <errno.h>
++#include <arpa/inet.h>
++#include <netinet/in.h>
++#include <pthread.h>
++#include <sys/un.h>
++#endif
++
++#include <libcork/core.h>
++#include <udns.h>
++
++#ifdef __MINGW32__
++#include "win32.h"
++#endif
++
++#if defined(HAVE_SYS_IOCTL_H) && defined(HAVE_NET_IF_H) && defined(__linux__)
++#include <net/if.h>
++#include <sys/ioctl.h>
++#define SET_INTERFACE
++#endif
++
++#include "netutils.h"
++#include "utils.h"
++#include "acl.h"
++#include "server.h"
++
++#include "obfs.c" // I don't want to modify makefile
++
++#ifndef EAGAIN
++#define EAGAIN EWOULDBLOCK
++#endif
++
++#ifndef EWOULDBLOCK
++#define EWOULDBLOCK EAGAIN
++#endif
++
++#ifndef BUF_SIZE
++#define BUF_SIZE 2048
++#endif
++
++#ifndef SSMAXCONN
++#define SSMAXCONN 1024
++#endif
++
++#ifndef UPDATE_INTERVAL
++#define UPDATE_INTERVAL 30
++#endif
++
++static void signal_cb(EV_P_ ev_signal *w, int revents);
++static void accept_cb(EV_P_ ev_io *w, int revents);
++static void server_send_cb(EV_P_ ev_io *w, int revents);
++static void server_recv_cb(EV_P_ ev_io *w, int revents);
++static void remote_recv_cb(EV_P_ ev_io *w, int revents);
++static void remote_send_cb(EV_P_ ev_io *w, int revents);
++static void server_timeout_cb(EV_P_ ev_timer *watcher, int revents);
++static void block_list_clear_cb(EV_P_ ev_timer *watcher, int revents);
++
++static remote_t *new_remote(int fd);
++static server_t *new_server(int fd, listen_ctx_t *listener);
++static remote_t *connect_to_remote(EV_P_ struct addrinfo *res,
++                                   server_t *server);
++
++static void free_remote(remote_t *remote);
++static void close_and_free_remote(EV_P_ remote_t *remote);
++static void free_server(server_t *server);
++static void close_and_free_server(EV_P_ server_t *server);
++static void server_resolve_cb(struct sockaddr *addr, void *data);
++static void query_free_cb(void *data);
++
++static size_t parse_header_len(const char atyp, const char *data, size_t offset);
++static int is_header_complete(const buffer_t *buf);
++
++int verbose = 0;
++
++static int acl       = 0;
++static int mode      = TCP_ONLY;
++static int auth      = 0;
++static int ipv6first = 0;
++
++static int protocol_compatible = 0;//SSR
++static int obfs_compatible = 0;//SSR
++
++static int fast_open = 0;
++#ifdef HAVE_SETRLIMIT
++static int nofile = 0;
++#endif
++static int remote_conn = 0;
++static int server_conn = 0;
++
++static char *bind_address    = NULL;
++static char *server_port     = NULL;
++static char *manager_address = NULL;
++uint64_t tx                  = 0;
++uint64_t rx                  = 0;
++ev_timer stat_update_watcher;
++ev_timer block_list_watcher;
++
++static struct cork_dllist connections;
++
++static void
++stat_update_cb(EV_P_ ev_timer *watcher, int revents)
++{
++    struct sockaddr_un svaddr, claddr;
++    int sfd = -1;
++    size_t msgLen;
++    char resp[BUF_SIZE];
++
++    if (verbose) {
++        LOGI("update traffic stat: tx: %" PRIu64 " rx: %" PRIu64 "", tx, rx);
++    }
++
++    snprintf(resp, BUF_SIZE, "stat: {\"%s\":%" PRIu64 "}", server_port, tx + rx);
++    msgLen = strlen(resp) + 1;
++
++    ss_addr_t ip_addr = { .host = NULL, .port = NULL };
++    parse_addr(manager_address, &ip_addr);
++
++    if (ip_addr.host == NULL || ip_addr.port == NULL) {
++        sfd = socket(AF_UNIX, SOCK_DGRAM, 0);
++        if (sfd == -1) {
++            ERROR("stat_socket");
++            return;
++        }
++
++        memset(&claddr, 0, sizeof(struct sockaddr_un));
++        claddr.sun_family = AF_UNIX;
++        snprintf(claddr.sun_path, sizeof(claddr.sun_path), "/tmp/shadowsocks.%s", server_port);
++
++        unlink(claddr.sun_path);
++
++        if (bind(sfd, (struct sockaddr *)&claddr, sizeof(struct sockaddr_un)) == -1) {
++            ERROR("stat_bind");
++            close(sfd);
++            return;
++        }
++
++        memset(&svaddr, 0, sizeof(struct sockaddr_un));
++        svaddr.sun_family = AF_UNIX;
++        strncpy(svaddr.sun_path, manager_address, sizeof(svaddr.sun_path) - 1);
++
++        if (sendto(sfd, resp, strlen(resp) + 1, 0, (struct sockaddr *)&svaddr,
++                   sizeof(struct sockaddr_un)) != msgLen) {
++            ERROR("stat_sendto");
++            close(sfd);
++            return;
++        }
++
++        unlink(claddr.sun_path);
++    } else {
++        struct sockaddr_storage storage;
++        memset(&storage, 0, sizeof(struct sockaddr_storage));
++        if (get_sockaddr(ip_addr.host, ip_addr.port, &storage, 0, ipv6first) == -1) {
++            ERROR("failed to parse the manager addr");
++            return;
++        }
++
++        sfd = socket(storage.ss_family, SOCK_DGRAM, 0);
++
++        if (sfd == -1) {
++            ERROR("stat_socket");
++            return;
++        }
++
++        size_t addr_len = get_sockaddr_len((struct sockaddr *)&storage);
++        if (sendto(sfd, resp, strlen(resp) + 1, 0, (struct sockaddr *)&storage,
++                   addr_len) != msgLen) {
++            ERROR("stat_sendto");
++            close(sfd);
++            return;
++        }
++    }
++
++    close(sfd);
++}
++
++static void
++free_connections(struct ev_loop *loop)
++{
++    struct cork_dllist_item *curr, *next;
++    cork_dllist_foreach_void(&connections, curr, next) {
++        server_t *server = cork_container_of(curr, server_t, entries);
++        remote_t *remote = server->remote;
++        close_and_free_server(loop, server);
++        close_and_free_remote(loop, remote);
++    }
++}
++
++static size_t
++parse_header_len(const char atyp, const char *data, size_t offset)
++{
++    size_t len = 0;
++    if ((atyp & ADDRTYPE_MASK) == 1) {
++        // IP V4
++        len += sizeof(struct in_addr);
++    } else if ((atyp & ADDRTYPE_MASK) == 3) {
++        // Domain name
++        uint8_t name_len = *(uint8_t *)(data + offset);
++        len += name_len + 1;
++    } else if ((atyp & ADDRTYPE_MASK) == 4) {
++        // IP V6
++        len += sizeof(struct in6_addr);
++    } else {
++        return 0;
++    }
++    len += 2;
++    return len;
++}
++
++static int
++is_header_complete(const buffer_t *buf)
++{
++    size_t header_len = 0;
++    size_t buf_len    = buf->len;
++
++    char atyp = buf->array[header_len];
++
++    // 1 byte for atyp
++    header_len++;
++
++    if ((atyp & ADDRTYPE_MASK) == 1) {
++        // IP V4
++        header_len += sizeof(struct in_addr);
++    } else if ((atyp & ADDRTYPE_MASK) == 3) {
++        // Domain name
++        // domain len + len of domain
++        if (buf_len < header_len + 1)
++            return 0;
++        uint8_t name_len = *(uint8_t *)(buf->array + header_len);
++        header_len += name_len + 1;
++    } else if ((atyp & ADDRTYPE_MASK) == 4) {
++        // IP V6
++        header_len += sizeof(struct in6_addr);
++    } else {
++        return -1;
++    }
++
++    // len of port
++    header_len += 2;
++
++    // size of ONETIMEAUTH_BYTES
++    if (auth || (atyp & ONETIMEAUTH_FLAG)) {
++        header_len += ONETIMEAUTH_BYTES;
++    }
++
++    return buf_len >= header_len ? 1 : 0;
++}
++
++static char *
++get_peer_name(int fd)
++{
++    static char peer_name[INET6_ADDRSTRLEN] = { 0 };
++    struct sockaddr_storage addr;
++    socklen_t len = sizeof(struct sockaddr_storage);
++    memset(&addr, 0, len);
++    memset(peer_name, 0, INET6_ADDRSTRLEN);
++    int err = getpeername(fd, (struct sockaddr *)&addr, &len);
++    if (err == 0) {
++        if (addr.ss_family == AF_INET) {
++            struct sockaddr_in *s = (struct sockaddr_in *)&addr;
++            dns_ntop(AF_INET, &s->sin_addr, peer_name, INET_ADDRSTRLEN);
++        } else if (addr.ss_family == AF_INET6) {
++            struct sockaddr_in6 *s = (struct sockaddr_in6 *)&addr;
++            dns_ntop(AF_INET6, &s->sin6_addr, peer_name, INET6_ADDRSTRLEN);
++        }
++    } else {
++        return NULL;
++    }
++    return peer_name;
++}
++
++#ifdef __linux__
++static void
++set_linger(int fd)
++{
++    struct linger so_linger;
++    memset(&so_linger, 0, sizeof(struct linger));
++    so_linger.l_onoff  = 1;
++    so_linger.l_linger = 0;
++    setsockopt(fd, SOL_SOCKET, SO_LINGER, &so_linger, sizeof so_linger);
++}
++#endif
++
++static void
++reset_addr(int fd)
++{
++    char *peer_name;
++    peer_name = get_peer_name(fd);
++    if (peer_name != NULL) {
++        remove_from_block_list(peer_name);
++    }
++}
++
++static void
++report_addr(int fd, int err_level)
++{
++#ifdef __linux__
++    set_linger(fd);
++#endif
++
++    char *peer_name;
++    peer_name = get_peer_name(fd);
++    if (peer_name != NULL) {
++        LOGE("failed to handshake with %s", peer_name);
++        update_block_list(peer_name, err_level);
++    }
++}
++
++int
++setfastopen(int fd)
++{
++    int s = 0;
++#ifdef TCP_FASTOPEN
++    if (fast_open) {
++#ifdef __APPLE__
++        int opt = 1;
++#else
++        int opt = 5;
++#endif
++        s = setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &opt, sizeof(opt));
++
++        if (s == -1) {
++            if (errno == EPROTONOSUPPORT || errno == ENOPROTOOPT) {
++                LOGE("fast open is not supported on this platform");
++                fast_open = 0;
++            } else {
++                ERROR("setsockopt");
++            }
++        }
++    }
++#endif
++    return s;
++}
++
++#ifndef __MINGW32__
++int
++setnonblocking(int fd)
++{
++    int flags;
++    if (-1 == (flags = fcntl(fd, F_GETFL, 0))) {
++        flags = 0;
++    }
++    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
++}
++
++#endif
++
++int
++create_and_bind(const char *host, const char *port, int mptcp)
++{
++    struct addrinfo hints;
++    struct addrinfo *result, *rp, *ipv4v6bindall;
++    int s, listen_sock;
++
++    memset(&hints, 0, sizeof(struct addrinfo));
++    hints.ai_family   = AF_UNSPEC;               /* Return IPv4 and IPv6 choices */
++    hints.ai_socktype = SOCK_STREAM;             /* We want a TCP socket */
++    hints.ai_flags    = AI_PASSIVE | AI_ADDRCONFIG; /* For wildcard IP address */
++    hints.ai_protocol = IPPROTO_TCP;
++
++    for (int i = 1; i < 8; i++) {
++        s = getaddrinfo(host, port, &hints, &result);
++        if (s == 0) {
++            break;
++        } else {
++            sleep(pow(2, i));
++            LOGE("failed to resolve server name, wait %.0f seconds", pow(2, i));
++        }
++    }
++
++    if (s != 0) {
++        LOGE("getaddrinfo: %s", gai_strerror(s));
++        return -1;
++    }
++
++    rp = result;
++
++    /*
++     * On Linux, with net.ipv6.bindv6only = 0 (the default), getaddrinfo(NULL) with
++     * AI_PASSIVE returns 0.0.0.0 and :: (in this order). AI_PASSIVE was meant to
++     * return a list of addresses to listen on, but it is impossible to listen on
++     * 0.0.0.0 and :: at the same time, if :: implies dualstack mode.
++     */
++    if (!host) {
++        ipv4v6bindall = result;
++
++        /* Loop over all address infos found until a IPV6 address is found. */
++        while (ipv4v6bindall) {
++            if (ipv4v6bindall->ai_family == AF_INET6) {
++                rp = ipv4v6bindall; /* Take first IPV6 address available */
++                break;
++            }
++            ipv4v6bindall = ipv4v6bindall->ai_next; /* Get next address info, if any */
++        }
++    }
++
++    for (/*rp = result*/; rp != NULL; rp = rp->ai_next) {
++        listen_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
++        if (listen_sock == -1) {
++            continue;
++        }
++
++        if (rp->ai_family == AF_INET6) {
++            int ipv6only = host ? 1 : 0;
++            setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY, &ipv6only, sizeof(ipv6only));
++        }
++
++        int opt = 1;
++        setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
++#ifdef SO_NOSIGPIPE
++        setsockopt(listen_sock, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
++#endif
++        int err = set_reuseport(listen_sock);
++        if (err == 0) {
++            LOGI("tcp port reuse enabled");
++        }
++
++        if (mptcp == 1) {
++            int err = setsockopt(listen_sock, SOL_TCP, MPTCP_ENABLED, &opt, sizeof(opt));
++            if (err == -1) {
++                ERROR("failed to enable multipath TCP");
++            }
++        }
++
++        s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
++        if (s == 0) {
++            /* We managed to bind successfully! */
++            break;
++        } else {
++            ERROR("bind");
++        }
++
++        close(listen_sock);
++    }
++
++    if (rp == NULL) {
++        LOGE("Could not bind");
++        return -1;
++    }
++
++    freeaddrinfo(result);
++
++    return listen_sock;
++}
++
++static remote_t *
++connect_to_remote(EV_P_ struct addrinfo *res,
++                  server_t *server)
++{
++    int sockfd;
++#ifdef SET_INTERFACE
++    const char *iface = server->listen_ctx->iface;
++#endif
++
++    if (acl) {
++        char ipstr[INET6_ADDRSTRLEN];
++        memset(ipstr, 0, INET6_ADDRSTRLEN);
++
++        if (res->ai_addr->sa_family == AF_INET) {
++            struct sockaddr_in *s = (struct sockaddr_in *)res->ai_addr;
++            dns_ntop(AF_INET, &s->sin_addr, ipstr, INET_ADDRSTRLEN);
++        } else if (res->ai_addr->sa_family == AF_INET6) {
++            struct sockaddr_in6 *s = (struct sockaddr_in6 *)res->ai_addr;
++            dns_ntop(AF_INET6, &s->sin6_addr, ipstr, INET6_ADDRSTRLEN);
++        }
++
++        if (outbound_block_match_host(ipstr) == 1) {
++            if (verbose)
++                LOGI("outbound blocked %s", ipstr);
++            return NULL;
++        }
++    }
++
++    // initialize remote socks
++    sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++    if (sockfd == -1) {
++        ERROR("socket");
++        close(sockfd);
++        return NULL;
++    }
++
++    int opt = 1;
++    setsockopt(sockfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
++#ifdef SO_NOSIGPIPE
++    setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
++#endif
++    setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
++
++    // setup remote socks
++
++    if (setnonblocking(sockfd) == -1)
++        ERROR("setnonblocking");
++
++    if (bind_address != NULL)
++        if (bind_to_address(sockfd, bind_address) == -1) {
++            ERROR("bind_to_address");
++            close(sockfd);
++            return NULL;
++        }
++
++#ifdef SET_INTERFACE
++    if (iface) {
++        if (setinterface(sockfd, iface) == -1) {
++            ERROR("setinterface");
++            close(sockfd);
++            return NULL;
++        }
++    }
++#endif
++
++    remote_t *remote = new_remote(sockfd);
++
++#ifdef TCP_FASTOPEN
++    if (fast_open) {
++#ifdef __APPLE__
++        ((struct sockaddr_in *)(res->ai_addr))->sin_len = sizeof(struct sockaddr_in);
++        sa_endpoints_t endpoints;
++        memset((char *)&endpoints, 0, sizeof(endpoints));
++        endpoints.sae_dstaddr    = res->ai_addr;
++        endpoints.sae_dstaddrlen = res->ai_addrlen;
++
++        struct iovec iov;
++        iov.iov_base = server->buf->array + server->buf->idx;
++        iov.iov_len  = server->buf->len;
++        size_t len;
++        int s = connectx(sockfd, &endpoints, SAE_ASSOCID_ANY, CONNECT_DATA_IDEMPOTENT,
++                         &iov, 1, &len, NULL);
++        if (s == 0) {
++            s = len;
++        }
++#else
++        ssize_t s = sendto(sockfd, server->buf->array + server->buf->idx,
++                           server->buf->len, MSG_FASTOPEN, res->ai_addr,
++                           res->ai_addrlen);
++#endif
++        if (s == -1) {
++            if (errno == CONNECT_IN_PROGRESS || errno == EAGAIN
++                || errno == EWOULDBLOCK) {
++                // The remote server doesn't support tfo or it's the first connection to the server.
++                // It will automatically fall back to conventional TCP.
++            } else if (errno == EOPNOTSUPP || errno == EPROTONOSUPPORT ||
++                       errno == ENOPROTOOPT) {
++                // Disable fast open as it's not supported
++                fast_open = 0;
++                LOGE("fast open is not supported on this platform");
++            } else {
++                ERROR("sendto");
++            }
++        } else if (s <= server->buf->len) {
++            server->buf->idx += s;
++            server->buf->len -= s;
++        } else {
++            server->buf->idx = 0;
++            server->buf->len = 0;
++        }
++    }
++#endif
++
++    if (!fast_open) {
++        int r = connect(sockfd, res->ai_addr, res->ai_addrlen);
++
++        if (r == -1 && errno != CONNECT_IN_PROGRESS) {
++            ERROR("connect");
++            close_and_free_remote(EV_A_ remote);
++            return NULL;
++        }
++    }
++
++    return remote;
++}
++
++static void
++server_recv_cb(EV_P_ ev_io *w, int revents)
++{
++    server_ctx_t *server_recv_ctx = (server_ctx_t *)w;
++    server_t *server              = server_recv_ctx->server;
++    remote_t *remote              = NULL;
++
++    int len       = server->buf->len;
++    buffer_t *buf = server->buf;
++
++    if (server->stage > STAGE_PARSE) {
++        remote = server->remote;
++        buf    = remote->buf;
++        len    = 0;
++
++        ev_timer_again(EV_A_ & server->recv_ctx->watcher);
++    }
++
++    if (len > BUF_SIZE) {
++        ERROR("out of recv buffer");
++        close_and_free_remote(EV_A_ remote);
++        close_and_free_server(EV_A_ server);
++        return;
++    }
++
++    ssize_t r = recv(server->fd, buf->array + len, BUF_SIZE - len, 0);
++
++    if (r == 0) {
++        // connection closed
++        if (verbose) {
++            LOGI("server_recv close the connection");
++        }
++        close_and_free_remote(EV_A_ remote);
++        close_and_free_server(EV_A_ server);
++        return;
++    } else if (r == -1) {
++        if (errno == EAGAIN || errno == EWOULDBLOCK) {
++            // no data
++            // continue to wait for recv
++            return;
++        } else {
++            ERROR("server recv");
++            close_and_free_remote(EV_A_ remote);
++            close_and_free_server(EV_A_ server);
++            return;
++        }
++    }
++
++    tx += r;
++
++    if (server->stage == STAGE_ERROR) {
++        server->buf->len = 0;
++        server->buf->idx = 0;
++        return;
++    }
++
++    // handle incomplete header part 1
++    if (server->stage == STAGE_INIT) {
++        buf->len += r;
++        if (buf->len <= enc_get_iv_len() + 1) {
++            // wait for more
++            return;
++        }
++    } else {
++        buf->len = r;
++    }
++
++    // SSR beg
++
++    if (server->obfs_plugin) {
++        obfs_class *obfs_plugin = server->obfs_plugin;
++        if (obfs_plugin->server_decode) {
++            int needsendback = 0;
++
++            if(obfs_compatible == 1)
++            {
++                char *back_buf = (char*)malloc(sizeof(buffer_t));
++                memcpy(back_buf, buf, sizeof(buffer_t));
++                buf->len = obfs_plugin->server_decode(server->obfs, &buf->array, buf->len, &buf->capacity, &needsendback);
++
++                if ((int)buf->len < 0)
++                {
++                    LOGE("obfs_compatible");
++                    memcpy(buf, back_buf, sizeof(buffer_t));
++                    free(back_buf);
++                    server->obfs_compatible_state = 1;
++                }
++            }
++            else
++            {
++                buf->len = obfs_plugin->server_decode(server->obfs, &buf->array, buf->len, &buf->capacity, &needsendback);
++                if ((int)buf->len < 0) {
++                    LOGE("server_decode");
++                    close_and_free_remote(EV_A_ remote);
++                    close_and_free_server(EV_A_ server);
++                    return;
++                }
++            }
++
++            if (needsendback) {
++                size_t capacity = BUF_SIZE;
++                char *sendback_buf = (char*)malloc(capacity);
++                obfs_class *obfs_plugin = server->obfs_plugin;
++                if (obfs_plugin->server_encode) {
++                    int len = obfs_plugin->server_encode(server->obfs, &sendback_buf, 0, &capacity);
++                    send(server->fd, sendback_buf, len, 0);
++                }
++                free(sendback_buf);
++                return;
++            }
++        }
++    }
++
++    int err = ss_decrypt(buf, server->d_ctx, BUF_SIZE);
++
++    if (err) {
++        report_addr(server->fd, MALICIOUS);
++        close_and_free_remote(EV_A_ remote);
++        close_and_free_server(EV_A_ server);
++        return;
++    }
++
++    if (server->protocol_plugin) {
++        obfs_class *protocol_plugin = server->protocol_plugin;
++        if (protocol_plugin->server_post_decrypt) {
++
++            if(protocol_compatible == 1)
++            {
++                char *back_buf = (char*)malloc(sizeof(buffer_t));
++                memcpy(back_buf, buf, sizeof(buffer_t));
++                buf->len = protocol_plugin->server_post_decrypt(server->protocol, &buf->array, buf->len, &buf->capacity);
++
++                if ((int)buf->len < 0) {
++                    LOGE("protocol_compatible");
++                    memcpy(buf, back_buf, sizeof(buffer_t));
++                    free(back_buf);
++                    server->protocol_compatible_state = 1;
++                }
++                if ( buf->len == 0 )
++                {
++                    LOGE("protocol_compatible");
++                    memcpy(buf, back_buf, sizeof(buffer_t));
++                    free(back_buf);
++                    server->protocol_compatible_state = 1;
++                }
++            }
++            else
++            {
++                buf->len = protocol_plugin->server_post_decrypt(server->protocol, &buf->array, buf->len, &buf->capacity);
++                if ((int)buf->len < 0) {
++                    LOGE("server_post_decrypt");
++                    close_and_free_remote(EV_A_ remote);
++                    close_and_free_server(EV_A_ server);
++                    return;
++                }
++                if ( buf->len == 0 )
++                {
++                    LOGE("server_post_decrypt");
++                    return;
++                }
++            }
++        }
++    }
++    // SSR end
++
++    // handle incomplete header part 2
++    if (server->stage == STAGE_INIT) {
++        int ret = is_header_complete(server->buf);
++        if (ret == 1) {
++            bfree(server->header_buf);
++            ss_free(server->header_buf);
++            server->stage = STAGE_PARSE;
++        } else if (ret == -1) {
++            server->stage = STAGE_ERROR;
++            report_addr(server->fd, MALFORMED);
++            server->buf->len = 0;
++            server->buf->idx = 0;
++            return;
++        } else {
++            server->stage = STAGE_HANDSHAKE;
++        }
++    }
++
++    if (server->stage == STAGE_HANDSHAKE) {
++        size_t header_len = server->header_buf->len;
++        brealloc(server->header_buf, server->buf->len + header_len, BUF_SIZE);
++        memcpy(server->header_buf->array + header_len,
++               server->buf->array, server->buf->len);
++        server->header_buf->len = server->buf->len + header_len;
++
++        int ret = is_header_complete(server->buf);
++
++        if (ret == 1) {
++            brealloc(server->buf, server->header_buf->len, BUF_SIZE);
++            memcpy(server->buf->array, server->header_buf->array, server->header_buf->len);
++            server->buf->len = server->header_buf->len;
++            bfree(server->header_buf);
++            ss_free(server->header_buf);
++            server->stage = STAGE_PARSE;
++        } else {
++            if (ret == -1)
++                server->stage = STAGE_ERROR;
++            server->buf->len = 0;
++            server->buf->idx = 0;
++            return;
++        }
++    }
++
++    // handshake and transmit data
++    if (server->stage == STAGE_STREAM) {
++        if (server->auth && !ss_check_hash(remote->buf, server->chunk, server->d_ctx, BUF_SIZE)) {
++            LOGE("hash error");
++            report_addr(server->fd, BAD);
++            close_and_free_server(EV_A_ server);
++            close_and_free_remote(EV_A_ remote);
++            return;
++        }
++
++        int s = send(remote->fd, remote->buf->array, remote->buf->len, 0);
++        if (s == -1) {
++            if (errno == EAGAIN || errno == EWOULDBLOCK) {
++                // no data, wait for send
++                remote->buf->idx = 0;
++                ev_io_stop(EV_A_ & server_recv_ctx->io);
++                ev_io_start(EV_A_ & remote->send_ctx->io);
++            } else {
++                ERROR("server_recv_send");
++                close_and_free_remote(EV_A_ remote);
++                close_and_free_server(EV_A_ server);
++            }
++        } else if (s < remote->buf->len) {
++            remote->buf->len -= s;
++            remote->buf->idx  = s;
++            ev_io_stop(EV_A_ & server_recv_ctx->io);
++            ev_io_start(EV_A_ & remote->send_ctx->io);
++        }
++        return;
++    } else if (server->stage == STAGE_PARSE) {
++        /*
++         * Shadowsocks TCP Relay Header:
++         *
++         *    +------+----------+----------+----------------+
++         *    | ATYP | DST.ADDR | DST.PORT |    HMAC-SHA1   |
++         *    +------+----------+----------+----------------+
++         *    |  1   | Variable |    2     |      10        |
++         *    +------+----------+----------+----------------+
++         *
++         *    If ATYP & ONETIMEAUTH_FLAG(0x10) != 0, Authentication (HMAC-SHA1) is enabled.
++         *
++         *    The key of HMAC-SHA1 is (IV + KEY) and the input is the whole header.
++         *    The output of HMAC-SHA is truncated to 10 bytes (leftmost bits).
++         */
++
++        /*
++         * Shadowsocks Request's Chunk Authentication for TCP Relay's payload
++         * (No chunk authentication for response's payload):
++         *
++         *    +------+-----------+-------------+------+
++         *    | LEN  | HMAC-SHA1 |    DATA     |      ...
++         *    +------+-----------+-------------+------+
++         *    |  2   |    10     |  Variable   |      ...
++         *    +------+-----------+-------------+------+
++         *
++         *    The key of HMAC-SHA1 is (IV + CHUNK ID)
++         *    The output of HMAC-SHA is truncated to 10 bytes (leftmost bits).
++         */
++
++        int offset     = 0;
++        int need_query = 0;
++        char atyp      = server->buf->array[offset++];
++        char host[257] = { 0 };
++        uint16_t port  = 0;
++        struct addrinfo info;
++        struct sockaddr_storage storage;
++        memset(&info, 0, sizeof(struct addrinfo));
++        memset(&storage, 0, sizeof(struct sockaddr_storage));
++
++        if (auth || (atyp & ONETIMEAUTH_FLAG)) {
++            size_t header_len = parse_header_len(atyp, server->buf->array, offset);
++            size_t len        = server->buf->len;
++
++            if (header_len == 0 || len < offset + header_len + ONETIMEAUTH_BYTES) {
++                report_addr(server->fd, MALFORMED);
++                close_and_free_server(EV_A_ server);
++                return;
++            }
++
++            server->buf->len = offset + header_len + ONETIMEAUTH_BYTES;
++            if (ss_onetimeauth_verify(server->buf, server->d_ctx->evp.iv)) {
++                report_addr(server->fd, BAD);
++                close_and_free_server(EV_A_ server);
++                return;
++            }
++
++            server->buf->len = len;
++            server->auth     = 1;
++        }
++
++        // get remote addr and port
++        if ((atyp & ADDRTYPE_MASK) == 1) {
++            // IP V4
++            struct sockaddr_in *addr = (struct sockaddr_in *)&storage;
++            size_t in_addr_len       = sizeof(struct in_addr);
++            addr->sin_family = AF_INET;
++            if (server->buf->len >= in_addr_len + 3) {
++                addr->sin_addr = *(struct in_addr *)(server->buf->array + offset);
++                dns_ntop(AF_INET, (const void *)(server->buf->array + offset),
++                         host, INET_ADDRSTRLEN);
++                offset += in_addr_len;
++            } else {
++                LOGE("invalid header with addr type %d", atyp);
++                report_addr(server->fd, MALFORMED);
++                close_and_free_server(EV_A_ server);
++                return;
++            }
++            addr->sin_port   = *(uint16_t *)(server->buf->array + offset);
++            info.ai_family   = AF_INET;
++            info.ai_socktype = SOCK_STREAM;
++            info.ai_protocol = IPPROTO_TCP;
++            info.ai_addrlen  = sizeof(struct sockaddr_in);
++            info.ai_addr     = (struct sockaddr *)addr;
++        } else if ((atyp & ADDRTYPE_MASK) == 3) {
++            // Domain name
++            uint8_t name_len = *(uint8_t *)(server->buf->array + offset);
++            if (name_len + 4 <= server->buf->len) {
++                memcpy(host, server->buf->array + offset + 1, name_len);
++                offset += name_len + 1;
++            } else {
++                LOGE("invalid name length: %d", name_len);
++                report_addr(server->fd, MALFORMED);
++                close_and_free_server(EV_A_ server);
++                return;
++            }
++            if (acl && outbound_block_match_host(host) == 1) {
++                if (verbose)
++                    LOGI("outbound blocked %s", host);
++                close_and_free_server(EV_A_ server);
++                return;
++            }
++            struct cork_ip ip;
++            if (cork_ip_init(&ip, host) != -1) {
++                info.ai_socktype = SOCK_STREAM;
++                info.ai_protocol = IPPROTO_TCP;
++                if (ip.version == 4) {
++                    struct sockaddr_in *addr = (struct sockaddr_in *)&storage;
++                    dns_pton(AF_INET, host, &(addr->sin_addr));
++                    addr->sin_port   = *(uint16_t *)(server->buf->array + offset);
++                    addr->sin_family = AF_INET;
++                    info.ai_family   = AF_INET;
++                    info.ai_addrlen  = sizeof(struct sockaddr_in);
++                    info.ai_addr     = (struct sockaddr *)addr;
++                } else if (ip.version == 6) {
++                    struct sockaddr_in6 *addr = (struct sockaddr_in6 *)&storage;
++                    dns_pton(AF_INET6, host, &(addr->sin6_addr));
++                    addr->sin6_port   = *(uint16_t *)(server->buf->array + offset);
++                    addr->sin6_family = AF_INET6;
++                    info.ai_family    = AF_INET6;
++                    info.ai_addrlen   = sizeof(struct sockaddr_in6);
++                    info.ai_addr      = (struct sockaddr *)addr;
++                }
++            } else {
++                if (!validate_hostname(host, name_len)) {
++                    LOGE("invalid host name");
++                    report_addr(server->fd, MALFORMED);
++                    close_and_free_server(EV_A_ server);
++                    return;
++                }
++                need_query = 1;
++            }
++        } else if ((atyp & ADDRTYPE_MASK) == 4) {
++            // IP V6
++            struct sockaddr_in6 *addr = (struct sockaddr_in6 *)&storage;
++            size_t in6_addr_len       = sizeof(struct in6_addr);
++            addr->sin6_family = AF_INET6;
++            if (server->buf->len >= in6_addr_len + 3) {
++                addr->sin6_addr = *(struct in6_addr *)(server->buf->array + offset);
++                dns_ntop(AF_INET6, (const void *)(server->buf->array + offset),
++                         host, INET6_ADDRSTRLEN);
++                offset += in6_addr_len;
++            } else {
++                LOGE("invalid header with addr type %d", atyp);
++                report_addr(server->fd, MALFORMED);
++                close_and_free_server(EV_A_ server);
++                return;
++            }
++            addr->sin6_port  = *(uint16_t *)(server->buf->array + offset);
++            info.ai_family   = AF_INET6;
++            info.ai_socktype = SOCK_STREAM;
++            info.ai_protocol = IPPROTO_TCP;
++            info.ai_addrlen  = sizeof(struct sockaddr_in6);
++            info.ai_addr     = (struct sockaddr *)addr;
++        }
++
++        if (offset == 1) {
++            LOGE("invalid header with addr type %d", atyp);
++            report_addr(server->fd, MALFORMED);
++            close_and_free_server(EV_A_ server);
++            return;
++        }
++
++        port = (*(uint16_t *)(server->buf->array + offset));
++
++        offset += 2;
++
++        if (server->auth) {
++            offset += ONETIMEAUTH_BYTES;
++        }
++
++        if (server->buf->len < offset) {
++            report_addr(server->fd, MALFORMED);
++            close_and_free_server(EV_A_ server);
++            return;
++        } else {
++            server->buf->len -= offset;
++            memmove(server->buf->array, server->buf->array + offset, server->buf->len);
++        }
++
++        if (verbose) {
++            if ((atyp & ADDRTYPE_MASK) == 4)
++                LOGI("connect to [%s]:%d", host, ntohs(port));
++            else
++                LOGI("connect to %s:%d", host, ntohs(port));
++        }
++
++        if (server->auth && !ss_check_hash(server->buf, server->chunk, server->d_ctx, BUF_SIZE)) {
++            LOGE("hash error");
++            report_addr(server->fd, BAD);
++            close_and_free_server(EV_A_ server);
++            return;
++        }
++
++
++        if (!need_query) {
++            remote_t *remote = connect_to_remote(EV_A_ &info, server);
++
++            if (remote == NULL) {
++                LOGE("connect error");
++                close_and_free_server(EV_A_ server);
++                return;
++            } else {
++                server->remote = remote;
++                remote->server = server;
++
++                // XXX: should handle buffer carefully
++                if (server->buf->len > 0) {
++                    memcpy(remote->buf->array, server->buf->array, server->buf->len);
++                    remote->buf->len = server->buf->len;
++                    remote->buf->idx = 0;
++                    server->buf->len = 0;
++                    server->buf->idx = 0;
++                }
++
++                // waiting on remote connected event
++                ev_io_stop(EV_A_ & server_recv_ctx->io);
++                ev_io_start(EV_A_ & remote->send_ctx->io);
++            }
++        } else {
++            query_t *query = (query_t *)ss_malloc(sizeof(query_t));
++            query->server = server;
++            snprintf(query->hostname, 256, "%s", host);
++
++            server->stage = STAGE_RESOLVE;
++            server->query = resolv_query(host, server_resolve_cb,
++                                         query_free_cb, query, port);
++
++            ev_io_stop(EV_A_ & server_recv_ctx->io);
++        }
++
++        return;
++    }
++    // should not reach here
++    FATAL("server context error");
++}
++
++static void
++server_send_cb(EV_P_ ev_io *w, int revents)
++{
++    server_ctx_t *server_send_ctx = (server_ctx_t *)w;
++    server_t *server              = server_send_ctx->server;
++    remote_t *remote              = server->remote;
++
++    if (remote == NULL) {
++        LOGE("invalid server");
++        close_and_free_server(EV_A_ server);
++        return;
++    }
++
++    if (server->buf->len == 0) {
++        // close and free
++        if (verbose) {
++            LOGI("server_send close the connection");
++        }
++        close_and_free_remote(EV_A_ remote);
++        close_and_free_server(EV_A_ server);
++        return;
++    } else {
++        // has data to send
++        ssize_t s = send(server->fd, server->buf->array + server->buf->idx,
++                         server->buf->len, 0);
++        if (s == -1) {
++            if (errno != EAGAIN && errno != EWOULDBLOCK) {
++                ERROR("server_send_send");
++                close_and_free_remote(EV_A_ remote);
++                close_and_free_server(EV_A_ server);
++            }
++            return;
++        } else if (s < server->buf->len) {
++            // partly sent, move memory, wait for the next time to send
++            server->buf->len -= s;
++            server->buf->idx += s;
++            return;
++        } else {
++            // all sent out, wait for reading
++            server->buf->len = 0;
++            server->buf->idx = 0;
++            ev_io_stop(EV_A_ & server_send_ctx->io);
++            if (remote != NULL) {
++                ev_io_start(EV_A_ & remote->recv_ctx->io);
++                return;
++            } else {
++                LOGE("invalid remote");
++                close_and_free_remote(EV_A_ remote);
++                close_and_free_server(EV_A_ server);
++                return;
++            }
++        }
++    }
++}
++
++static void
++block_list_clear_cb(EV_P_ ev_timer *watcher, int revents)
++{
++    clear_block_list();
++}
++
++static void
++server_timeout_cb(EV_P_ ev_timer *watcher, int revents)
++{
++    server_ctx_t *server_ctx
++        = cork_container_of(watcher, server_ctx_t, watcher);
++    server_t *server = server_ctx->server;
++    remote_t *remote = server->remote;
++
++    if (verbose) {
++        LOGI("TCP connection timeout");
++    }
++
++    if (server->stage < STAGE_PARSE) {
++        if (verbose) {
++            size_t len = server->stage ?
++                         server->header_buf->len : server->buf->len;
++#ifdef __MINGW32__
++            LOGI("incomplete header: %u", len);
++#else
++            LOGI("incomplete header: %zu", len);
++#endif
++        }
++        report_addr(server->fd, SUSPICIOUS);
++    }
++
++    close_and_free_remote(EV_A_ remote);
++    close_and_free_server(EV_A_ server);
++}
++
++static void
++query_free_cb(void *data)
++{
++    if (data != NULL) {
++        ss_free(data);
++    }
++}
++
++static void
++server_resolve_cb(struct sockaddr *addr, void *data)
++{
++    query_t *query       = (query_t *)data;
++    server_t *server     = query->server;
++    struct ev_loop *loop = server->listen_ctx->loop;
++
++    server->query = NULL;
++
++    if (addr == NULL) {
++        LOGE("unable to resolve %s", query->hostname);
++        close_and_free_server(EV_A_ server);
++    } else {
++        if (verbose) {
++            LOGI("successfully resolved %s", query->hostname);
++        }
++
++        struct addrinfo info;
++        memset(&info, 0, sizeof(struct addrinfo));
++        info.ai_socktype = SOCK_STREAM;
++        info.ai_protocol = IPPROTO_TCP;
++        info.ai_addr     = addr;
++
++        if (addr->sa_family == AF_INET) {
++            info.ai_family  = AF_INET;
++            info.ai_addrlen = sizeof(struct sockaddr_in);
++        } else if (addr->sa_family == AF_INET6) {
++            info.ai_family  = AF_INET6;
++            info.ai_addrlen = sizeof(struct sockaddr_in6);
++        }
++
++        remote_t *remote = connect_to_remote(EV_A_ &info, server);
++
++        if (remote == NULL) {
++            close_and_free_server(EV_A_ server);
++        } else {
++            server->remote = remote;
++            remote->server = server;
++
++            // XXX: should handle buffer carefully
++            if (server->buf->len > 0) {
++                memcpy(remote->buf->array, server->buf->array + server->buf->idx,
++                       server->buf->len);
++                remote->buf->len = server->buf->len;
++                remote->buf->idx = 0;
++                server->buf->len = 0;
++                server->buf->idx = 0;
++            }
++
++            // listen to remote connected event
++            ev_io_start(EV_A_ & remote->send_ctx->io);
++        }
++    }
++}
++
++static void
++remote_recv_cb(EV_P_ ev_io *w, int revents)
++{
++    remote_ctx_t *remote_recv_ctx = (remote_ctx_t *)w;
++    remote_t *remote              = remote_recv_ctx->remote;
++    server_t *server              = remote->server;
++
++    if (server == NULL) {
++        LOGE("invalid server");
++        close_and_free_remote(EV_A_ remote);
++        return;
++    }
++
++    ev_timer_again(EV_A_ & server->recv_ctx->watcher);
++
++    ssize_t r = recv(remote->fd, server->buf->array, BUF_SIZE, 0);
++
++    if (r == 0) {
++        // connection closed
++        if (verbose) {
++            LOGI("remote_recv close the connection");
++        }
++        close_and_free_remote(EV_A_ remote);
++        close_and_free_server(EV_A_ server);
++        return;
++    } else if (r == -1) {
++        if (errno == EAGAIN || errno == EWOULDBLOCK) {
++            // no data
++            // continue to wait for recv
++            return;
++        } else {
++            ERROR("remote recv");
++            close_and_free_remote(EV_A_ remote);
++            close_and_free_server(EV_A_ server);
++            return;
++        }
++    }
++
++    rx += r;
++
++    server->buf->len = r;
++
++    // SSR beg
++    server_info _server_info;
++    if (server->obfs_plugin) {
++        server->obfs_plugin->get_server_info(server->obfs, &_server_info);
++        _server_info.head_len = get_head_size(server->buf->array, server->buf->len, 30);
++        server->obfs_plugin->set_server_info(server->obfs, &_server_info);
++    }
++
++    if (server->protocol_plugin && server->obfs_compatible_state == 0) {
++        obfs_class *protocol_plugin = server->protocol_plugin;
++        if (protocol_plugin->server_pre_encrypt) {
++            server->buf->len = protocol_plugin->server_pre_encrypt(server->protocol, &server->buf->array, server->buf->len, &server->buf->capacity);
++        }
++    }
++
++    int err = ss_encrypt(server->buf, server->e_ctx, BUF_SIZE);
++
++    if (err) {
++        LOGE("invalid password or cipher");
++        close_and_free_remote(EV_A_ remote);
++        close_and_free_server(EV_A_ server);
++        return;
++    }
++
++    if (server->obfs_plugin && server->obfs_compatible_state == 0) {
++        obfs_class *obfs_plugin = server->obfs_plugin;
++        if (obfs_plugin->server_encode) {
++            server->buf->len = obfs_plugin->server_encode(server->obfs, &server->buf->array, server->buf->len, &server->buf->capacity);
++        }
++    }
++    // SSR end
++
++    int s = send(server->fd, server->buf->array, server->buf->len, 0);
++
++    if (s == -1) {
++        if (errno == EAGAIN || errno == EWOULDBLOCK) {
++            // no data, wait for send
++            server->buf->idx = 0;
++            ev_io_stop(EV_A_ & remote_recv_ctx->io);
++            ev_io_start(EV_A_ & server->send_ctx->io);
++        } else {
++            ERROR("remote_recv_send");
++            close_and_free_remote(EV_A_ remote);
++            close_and_free_server(EV_A_ server);
++            return;
++        }
++    } else if (s < server->buf->len) {
++        server->buf->len -= s;
++        server->buf->idx  = s;
++        ev_io_stop(EV_A_ & remote_recv_ctx->io);
++        ev_io_start(EV_A_ & server->send_ctx->io);
++    }
++
++    // Disable TCP_NODELAY after the first response are sent
++    if (!remote->recv_ctx->connected) {
++        int opt = 0;
++        setsockopt(server->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
++        setsockopt(remote->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
++        remote->recv_ctx->connected = 1;
++    }
++}
++
++static void
++remote_send_cb(EV_P_ ev_io *w, int revents)
++{
++    remote_ctx_t *remote_send_ctx = (remote_ctx_t *)w;
++    remote_t *remote              = remote_send_ctx->remote;
++    server_t *server              = remote->server;
++
++    if (server == NULL) {
++        LOGE("invalid server");
++        close_and_free_remote(EV_A_ remote);
++        return;
++    }
++
++    if (!remote_send_ctx->connected) {
++        struct sockaddr_storage addr;
++        socklen_t len = sizeof(struct sockaddr_storage);
++        memset(&addr, 0, len);
++        int r = getpeername(remote->fd, (struct sockaddr *)&addr, &len);
++        if (r == 0) {
++            if (verbose) {
++                LOGI("remote connected");
++            }
++            remote_send_ctx->connected = 1;
++
++            // Clear the state of this address in the block list
++            reset_addr(server->fd);
++
++            if (remote->buf->len == 0) {
++                server->stage = STAGE_STREAM;
++                ev_io_stop(EV_A_ & remote_send_ctx->io);
++                ev_io_start(EV_A_ & server->recv_ctx->io);
++                ev_io_start(EV_A_ & remote->recv_ctx->io);
++                return;
++            }
++        } else {
++            ERROR("getpeername");
++            // not connected
++            close_and_free_remote(EV_A_ remote);
++            close_and_free_server(EV_A_ server);
++            return;
++        }
++    }
++
++    if (remote->buf->len == 0) {
++        // close and free
++        if (verbose) {
++            LOGI("remote_send close the connection");
++        }
++        close_and_free_remote(EV_A_ remote);
++        close_and_free_server(EV_A_ server);
++        return;
++    } else {
++        // has data to send
++        ssize_t s = send(remote->fd, remote->buf->array + remote->buf->idx,
++                         remote->buf->len, 0);
++        if (s == -1) {
++            if (errno != EAGAIN && errno != EWOULDBLOCK) {
++                ERROR("remote_send_send");
++                // close and free
++                close_and_free_remote(EV_A_ remote);
++                close_and_free_server(EV_A_ server);
++            }
++            return;
++        } else if (s < remote->buf->len) {
++            // partly sent, move memory, wait for the next time to send
++            remote->buf->len -= s;
++            remote->buf->idx += s;
++            return;
++        } else {
++            // all sent out, wait for reading
++            remote->buf->len = 0;
++            remote->buf->idx = 0;
++            ev_io_stop(EV_A_ & remote_send_ctx->io);
++            if (server != NULL) {
++                ev_io_start(EV_A_ & server->recv_ctx->io);
++                if (server->stage != STAGE_STREAM) {
++                    server->stage = STAGE_STREAM;
++                    ev_io_start(EV_A_ & remote->recv_ctx->io);
++                }
++            } else {
++                LOGE("invalid server");
++                close_and_free_remote(EV_A_ remote);
++                close_and_free_server(EV_A_ server);
++            }
++            return;
++        }
++    }
++}
++
++static remote_t *
++new_remote(int fd)
++{
++    if (verbose) {
++        remote_conn++;
++    }
++
++    remote_t *remote;
++
++    remote                      = ss_malloc(sizeof(remote_t));
++    remote->recv_ctx            = ss_malloc(sizeof(remote_ctx_t));
++    remote->send_ctx            = ss_malloc(sizeof(remote_ctx_t));
++    remote->buf                 = ss_malloc(sizeof(buffer_t));
++    remote->fd                  = fd;
++    remote->recv_ctx->remote    = remote;
++    remote->recv_ctx->connected = 0;
++    remote->send_ctx->remote    = remote;
++    remote->send_ctx->connected = 0;
++    remote->server              = NULL;
++
++    ev_io_init(&remote->recv_ctx->io, remote_recv_cb, fd, EV_READ);
++    ev_io_init(&remote->send_ctx->io, remote_send_cb, fd, EV_WRITE);
++
++    balloc(remote->buf, BUF_SIZE);
++
++    return remote;
++}
++
++static void
++free_remote(remote_t *remote)
++{
++    if (remote->server != NULL) {
++        remote->server->remote = NULL;
++    }
++    if (remote->buf != NULL) {
++        bfree(remote->buf);
++        ss_free(remote->buf);
++    }
++    ss_free(remote->recv_ctx);
++    ss_free(remote->send_ctx);
++    ss_free(remote);
++}
++
++static void
++close_and_free_remote(EV_P_ remote_t *remote)
++{
++    if (remote != NULL) {
++        ev_io_stop(EV_A_ & remote->send_ctx->io);
++        ev_io_stop(EV_A_ & remote->recv_ctx->io);
++        close(remote->fd);
++        free_remote(remote);
++        if (verbose) {
++            remote_conn--;
++            LOGI("current remote connection: %d", remote_conn);
++        }
++    }
++}
++
++static server_t *
++new_server(int fd, listen_ctx_t *listener)
++{
++    if (verbose) {
++        server_conn++;
++    }
++
++    server_t *server;
++    server = ss_malloc(sizeof(server_t));
++
++    memset(server, 0, sizeof(server_t));
++
++    server->recv_ctx            = ss_malloc(sizeof(server_ctx_t));
++    server->send_ctx            = ss_malloc(sizeof(server_ctx_t));
++    server->buf                 = ss_malloc(sizeof(buffer_t));
++    server->header_buf          = ss_malloc(sizeof(buffer_t));
++    server->fd                  = fd;
++    server->recv_ctx->server    = server;
++    server->recv_ctx->connected = 0;
++    server->send_ctx->server    = server;
++    server->send_ctx->connected = 0;
++    server->stage               = STAGE_INIT;
++    server->query               = NULL;
++    server->listen_ctx          = listener;
++    server->remote              = NULL;
++
++    if (listener->method) {
++        server->e_ctx = ss_malloc(sizeof(enc_ctx_t));
++        server->d_ctx = ss_malloc(sizeof(enc_ctx_t));
++        enc_ctx_init(listener->method, server->e_ctx, 1);
++        enc_ctx_init(listener->method, server->d_ctx, 0);
++    } else {
++        server->e_ctx = NULL;
++        server->d_ctx = NULL;
++    }
++
++    int request_timeout = min(MAX_REQUEST_TIMEOUT, listener->timeout)
++                          + rand() % MAX_REQUEST_TIMEOUT;
++
++    ev_io_init(&server->recv_ctx->io, server_recv_cb, fd, EV_READ);
++    ev_io_init(&server->send_ctx->io, server_send_cb, fd, EV_WRITE);
++    ev_timer_init(&server->recv_ctx->watcher, server_timeout_cb,
++                  request_timeout, listener->timeout);
++
++    balloc(server->buf, BUF_SIZE);
++    balloc(server->header_buf, BUF_SIZE);
++
++    server->chunk = (chunk_t *)malloc(sizeof(chunk_t));
++    memset(server->chunk, 0, sizeof(chunk_t));
++    server->chunk->buf = ss_malloc(sizeof(buffer_t));
++    memset(server->chunk->buf, 0, sizeof(buffer_t));
++
++    cork_dllist_add(&connections, &server->entries);
++
++    return server;
++}
++
++static void
++free_server(server_t *server)
++{
++    cork_dllist_remove(&server->entries);
++
++    if (server->chunk != NULL) {
++        if (server->chunk->buf != NULL) {
++            bfree(server->chunk->buf);
++            ss_free(server->chunk->buf);
++        }
++        ss_free(server->chunk);
++    }
++    if (server->remote != NULL) {
++        server->remote->server = NULL;
++    }
++    if (server->e_ctx != NULL) {
++        cipher_context_release(&server->e_ctx->evp);
++        ss_free(server->e_ctx);
++    }
++    if (server->d_ctx != NULL) {
++        cipher_context_release(&server->d_ctx->evp);
++        ss_free(server->d_ctx);
++    }
++    if (server->buf != NULL) {
++        bfree(server->buf);
++        ss_free(server->buf);
++    }
++    if (server->header_buf != NULL) {
++        bfree(server->header_buf);
++        ss_free(server->header_buf);
++    }
++
++    ss_free(server->recv_ctx);
++    ss_free(server->send_ctx);
++    ss_free(server);
++}
++
++static void
++close_and_free_server(EV_P_ server_t *server)
++{
++    if (server != NULL) {
++        if (server->query != NULL) {
++            resolv_cancel(server->query);
++            server->query = NULL;
++        }
++        ev_io_stop(EV_A_ & server->send_ctx->io);
++        ev_io_stop(EV_A_ & server->recv_ctx->io);
++        ev_timer_stop(EV_A_ & server->recv_ctx->watcher);
++        close(server->fd);
++        free_server(server);
++        if (verbose) {
++            server_conn--;
++            LOGI("current server connection: %d", server_conn);
++        }
++    }
++}
++
++static void
++signal_cb(EV_P_ ev_signal *w, int revents)
++{
++    if (revents & EV_SIGNAL) {
++        switch (w->signum) {
++        case SIGINT:
++        case SIGTERM:
++            ev_unloop(EV_A_ EVUNLOOP_ALL);
++        }
++    }
++}
++
++static void
++accept_cb(EV_P_ ev_io *w, int revents)
++{
++    listen_ctx_t *listener = (listen_ctx_t *)w;
++    int serverfd           = accept(listener->fd, NULL, NULL);
++    if (serverfd == -1) {
++        ERROR("accept");
++        return;
++    }
++
++    char *peer_name = get_peer_name(serverfd);
++    if (peer_name != NULL) {
++        int in_white_list = 0;
++        if (acl) {
++            if ((get_acl_mode() == BLACK_LIST && acl_match_host(peer_name) == 1)
++                || (get_acl_mode() == WHITE_LIST && acl_match_host(peer_name) >= 0)) {
++                LOGE("Access denied from %s", peer_name);
++                close(serverfd);
++                return;
++            } else if (acl_match_host(peer_name) == -1) {
++                in_white_list = 1;
++            }
++        }
++        if (!in_white_list && check_block_list(peer_name)) {
++            LOGE("block all requests from %s", peer_name);
++#ifdef __linux__
++            set_linger(serverfd);
++#endif
++            close(serverfd);
++            return;
++        }
++    }
++
++    int opt = 1;
++    setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
++#ifdef SO_NOSIGPIPE
++    setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
++#endif
++    setnonblocking(serverfd);
++
++    if (verbose) {
++        LOGI("accept a connection");
++    }
++
++    server_t *server = new_server(serverfd, listener);
++
++    // SSR beg
++    server->obfs_plugin = new_obfs_class(server->listen_ctx->obfs_name);
++    if (server->obfs_plugin) {
++        server->obfs = server->obfs_plugin->new_obfs();
++        server->obfs_compatible_state = 0;
++    }
++    server->protocol_plugin = new_obfs_class(server->listen_ctx->protocol_name);
++    if (server->protocol_plugin) {
++        server->protocol = server->protocol_plugin->new_obfs();
++        server->protocol_compatible_state = 0;
++    }
++    server_info _server_info;
++    memset(&_server_info, 0, sizeof(server_info));
++    _server_info.param = server->listen_ctx->obfs_param;
++    if(server->obfs_plugin)
++        _server_info.g_data = server->obfs_plugin->init_data();
++    _server_info.head_len = 7;
++    _server_info.iv = server->e_ctx->evp.iv;
++    _server_info.iv_len = enc_get_iv_len();
++    _server_info.key = enc_get_key();
++    _server_info.key_len = enc_get_key_len();
++    _server_info.tcp_mss = 1460;
++
++    if (server->obfs_plugin)
++        server->obfs_plugin->set_server_info(server->obfs, &_server_info);
++
++    _server_info.param = server->listen_ctx->protocol_param;
++    if (server->protocol_plugin)
++        _server_info.g_data = server->protocol_plugin->init_data();
++
++    if (server->protocol_plugin)
++        server->protocol_plugin->set_server_info(server->protocol, &_server_info);
++    // SSR end
++
++    ev_io_start(EV_A_ & server->recv_ctx->io);
++    ev_timer_start(EV_A_ & server->recv_ctx->watcher);
++}
++
++int
++main(int argc, char **argv)
++{
++    int i, c;
++    int pid_flags   = 0;
++    int mptcp       = 0;
++    int firewall    = 0;
++    int mtu         = 0;
++    char *user      = NULL;
++    char *password  = NULL;
++    char *timeout   = NULL;
++    char *protocol = NULL; // SSR
++    char *protocol_param = NULL; // SSR
++    char *method = NULL;
++    char *obfs = NULL; // SSR
++    char *obfs_param = NULL; // SSR
++    char *pid_path  = NULL;
++    char *conf_path = NULL;
++    char *iface     = NULL;
++
++    int server_num = 0;
++    const char *server_host[MAX_REMOTE_NUM];
++
++    char *nameservers[MAX_DNS_NUM + 1];
++    int nameserver_num = 0;
++
++    int option_index                    = 0;
++    static struct option long_options[] = {
++        { "fast-open",       no_argument,       0, 0 },
++        { "acl",             required_argument, 0, 0 },
++        { "manager-address", required_argument, 0, 0 },
++        { "mtu",             required_argument, 0, 0 },
++        { "help",            no_argument,       0, 0 },
++#ifdef __linux__
++        { "mptcp",           no_argument,       0, 0 },
++        { "firewall",        no_argument,       0, 0 },
++#endif
++        {                 0,                 0, 0, 0 }
++    };
++
++    opterr = 0;
++
++    USE_TTY();
++
++    while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:b:c:i:d:a:n:O:o:G:g:huUvA6",
++                            long_options, &option_index)) != -1) {
++        switch (c) {
++        case 0:
++            if (option_index == 0) {
++                fast_open = 1;
++            } else if (option_index == 1) {
++                LOGI("initializing acl...");
++                acl = !init_acl(optarg);
++            } else if (option_index == 2) {
++                manager_address = optarg;
++            } else if (option_index == 3) {
++                mtu = atoi(optarg);
++                LOGI("set MTU to %d", mtu);
++            } else if (option_index == 4) {
++                usage();
++                exit(EXIT_SUCCESS);
++            } else if (option_index == 5) {
++                mptcp = 1;
++                LOGI("enable multipath TCP");
++            } else if (option_index == 6) {
++                firewall = 1;
++                LOGI("enable firewall rules");
++            }
++            break;
++        case 's':
++            if (server_num < MAX_REMOTE_NUM) {
++                server_host[server_num++] = optarg;
++            }
++            break;
++        case 'b':
++            bind_address = optarg;
++            break;
++        case 'p':
++            server_port = optarg;
++            break;
++        case 'k':
++            password = optarg;
++            break;
++        case 'f':
++            pid_flags = 1;
++            pid_path  = optarg;
++            break;
++        case 't':
++            timeout = optarg;
++            break;
++        // SSR beg
++        case 'O':
++            protocol = optarg;
++            break;
++        case 'm':
++            method = optarg;
++            break;
++        case 'o':
++            obfs = optarg;
++            break;
++        case 'G':
++            protocol_param = optarg;
++            break;
++        case 'g':
++            obfs_param = optarg;
++            break;
++        // SSR end
++        case 'c':
++            conf_path = optarg;
++            break;
++        case 'i':
++            iface = optarg;
++            break;
++        case 'd':
++            if (nameserver_num < MAX_DNS_NUM) {
++                nameservers[nameserver_num++] = optarg;
++            }
++            break;
++        case 'a':
++            user = optarg;
++            break;
++#ifdef HAVE_SETRLIMIT
++        case 'n':
++            nofile = atoi(optarg);
++            break;
++#endif
++        case 'u':
++            mode = TCP_AND_UDP;
++            break;
++        case 'U':
++            mode = UDP_ONLY;
++            break;
++        case 'v':
++            verbose = 1;
++            break;
++        case 'h':
++            usage();
++            exit(EXIT_SUCCESS);
++        case 'A':
++            auth = 1;
++            break;
++        case '6':
++            ipv6first = 1;
++            break;
++        case '?':
++            // The option character is not recognized.
++            LOGE("Unrecognized option: %s", optarg);
++            opterr = 1;
++            break;
++        }
++    }
++
++    if (opterr) {
++        usage();
++        exit(EXIT_FAILURE);
++    }
++
++    if (argc == 1) {
++        if (conf_path == NULL) {
++            conf_path = DEFAULT_CONF_PATH;
++        }
++    }
++
++    if (conf_path != NULL) {
++        jconf_t *conf = read_jconf(conf_path);
++        if (server_num == 0) {
++            server_num = conf->remote_num;
++            for (i = 0; i < server_num; i++)
++                server_host[i] = conf->remote_addr[i].host;
++        }
++        if (server_port == NULL) {
++            server_port = conf->remote_port;
++        }
++        if (password == NULL) {
++            password = conf->password;
++        }
++        // SSR beg
++        if (protocol == NULL) {
++            protocol = conf->protocol;
++            LOGI("protocol %s", protocol);
++        }
++        if (protocol_param == NULL) {
++            protocol_param = conf->protocol_param;
++            LOGI("protocol_param %s", obfs_param);
++        }
++        if (method == NULL) {
++            method = conf->method;
++            LOGI("method %s", method);
++        }
++        if (obfs == NULL) {
++            obfs = conf->obfs;
++            LOGI("obfs %s", obfs);
++        }
++        if (obfs_param == NULL) {
++            obfs_param = conf->obfs_param;
++            LOGI("obfs_param %s", obfs_param);
++        }
++        // SSR end
++        if (timeout == NULL) {
++            timeout = conf->timeout;
++        }
++        if (user == NULL) {
++            user = conf->user;
++        }
++        if (auth == 0) {
++            auth = conf->auth;
++        }
++        if (mode == TCP_ONLY) {
++            mode = conf->mode;
++        }
++        if (mtu == 0) {
++            mtu = conf->mtu;
++        }
++        if (mptcp == 0) {
++            mptcp = conf->mptcp;
++        }
++#ifdef TCP_FASTOPEN
++        if (fast_open == 0) {
++            fast_open = conf->fast_open;
++        }
++#endif
++#ifdef HAVE_SETRLIMIT
++        if (nofile == 0) {
++            nofile = conf->nofile;
++        }
++#endif
++        if (conf->nameserver != NULL) {
++            nameservers[nameserver_num++] = conf->nameserver;
++        }
++        if (ipv6first == 0) {
++            ipv6first = conf->ipv6_first;
++        }
++    }
++
++    //_compatible
++    if(strlen(protocol)>11)
++    {
++        char *text;
++        text = (char*)malloc(12);
++        memcpy(text, protocol + strlen(protocol) - 11, 12);
++
++        if(strcmp(text, "_compatible") == 0)
++        {
++            free(text);
++            text = (char*)malloc(strlen(protocol) - 11);
++            memcpy(text, protocol, strlen(protocol) - 11);
++            int length = strlen(protocol) - 11;
++            free(protocol);
++            obfs = (char*)malloc(length);
++            memset(protocol, 0x00, length);
++            memcpy(protocol, text, length);
++            LOGI("protocol compatible enable, %s", protocol);
++            free(text);
++            protocol_compatible = 1;
++        }
++    }
++
++    if(strlen(obfs)>11)
++    {
++        char *text;
++        text = (char*)malloc(12);
++        memcpy(text, obfs + strlen(obfs) - 11, 12);
++
++        if(strcmp(text, "_compatible") == 0)
++        {
++            free(text);
++            text = (char*)malloc(strlen(obfs) - 11);
++            memcpy(text, obfs, strlen(obfs) - 11);
++            int length = strlen(obfs) - 11;
++            free(obfs);
++            obfs = (char*)malloc(length);
++            memset(obfs, 0x00, length);
++            memcpy(obfs, text, length);
++            LOGI("obfs compatible enable, %s", obfs);
++            free(text);
++            obfs_compatible = 1;
++        }
++    }
++
++
++    if (server_num == 0) {
++        server_host[server_num++] = NULL;
++    }
++
++    if (server_num == 0 || server_port == NULL || password == NULL) {
++        usage();
++        exit(EXIT_FAILURE);
++    }
++
++    if (protocol && strcmp(protocol, "verify_sha1") == 0) {
++        auth = 1;
++        protocol = NULL;
++    }
++
++    if (method == NULL) {
++        method = "rc4-md5";
++    }
++
++    if (timeout == NULL) {
++        timeout = "60";
++    }
++
++#ifdef HAVE_SETRLIMIT
++    /*
++     * no need to check the return value here since we will show
++     * the user an error message if setrlimit(2) fails
++     */
++    if (nofile > 1024) {
++        if (verbose) {
++            LOGI("setting NOFILE to %d", nofile);
++        }
++        set_nofile(nofile);
++    }
++#endif
++
++    if (pid_flags) {
++        USE_SYSLOG(argv[0]);
++        daemonize(pid_path);
++    }
++
++    if (ipv6first) {
++        LOGI("resolving hostname to IPv6 address first");
++    }
++
++    if (fast_open == 1) {
++#ifdef TCP_FASTOPEN
++        LOGI("using tcp fast open");
++#else
++        LOGE("tcp fast open is not supported by this environment");
++        fast_open = 0;
++#endif
++    }
++
++    if (auth) {
++        LOGI("onetime authentication enabled");
++    }
++
++    if (mode != TCP_ONLY) {
++        LOGI("UDP relay enabled");
++    }
++
++    if (mode == UDP_ONLY) {
++        LOGI("TCP relay disabled");
++    }
++
++#ifdef __MINGW32__
++    winsock_init();
++#else
++    // ignore SIGPIPE
++    signal(SIGPIPE, SIG_IGN);
++    signal(SIGCHLD, SIG_IGN);
++    signal(SIGABRT, SIG_IGN);
++#endif
++
++    struct ev_signal sigint_watcher;
++    struct ev_signal sigterm_watcher;
++    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
++    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
++    ev_signal_start(EV_DEFAULT, &sigint_watcher);
++    ev_signal_start(EV_DEFAULT, &sigterm_watcher);
++
++    // setup keys
++    LOGI("initializing ciphers... %s", method);
++    int m = enc_init(password, method);
++
++    // initialize ev loop
++    struct ev_loop *loop = EV_DEFAULT;
++
++    // setup udns
++    if (nameserver_num == 0) {
++#ifdef __MINGW32__
++        nameservers[nameserver_num++] = "8.8.8.8";
++        resolv_init(loop, nameservers, nameserver_num, ipv6first);
++#else
++        resolv_init(loop, NULL, 0, ipv6first);
++#endif
++    } else {
++        resolv_init(loop, nameservers, nameserver_num, ipv6first);
++    }
++
++    for (int i = 0; i < nameserver_num; i++)
++        LOGI("using nameserver: %s", nameservers[i]);
++
++    // initialize listen context
++    listen_ctx_t listen_ctx_list[server_num];
++
++    // bind to each interface
++    while (server_num > 0) {
++        int index        = --server_num;
++        const char *host = server_host[index];
++
++        if (mode != UDP_ONLY) {
++            // Bind to port
++            int listenfd;
++            listenfd = create_and_bind(host, server_port, mptcp);
++            if (listenfd == -1) {
++                FATAL("bind() error");
++            }
++            if (listen(listenfd, SSMAXCONN) == -1) {
++                FATAL("listen() error");
++            }
++            setfastopen(listenfd);
++            setnonblocking(listenfd);
++            listen_ctx_t *listen_ctx = &listen_ctx_list[index];
++
++            // Setup proxy context
++            listen_ctx->timeout = atoi(timeout);
++            listen_ctx->fd      = listenfd;
++            listen_ctx->method  = m;
++            listen_ctx->iface   = iface;
++
++            // SSR beg
++            listen_ctx->protocol_name = protocol;
++            listen_ctx->protocol_param = protocol_param;
++            listen_ctx->method = m;
++            listen_ctx->obfs_name = obfs;
++            listen_ctx->obfs_param = obfs_param;
++            listen_ctx->list_protocol_global = malloc(sizeof(void *));
++            listen_ctx->list_obfs_global = malloc(sizeof(void *));
++            memset(listen_ctx->list_protocol_global, 0, sizeof(void *));
++            memset(listen_ctx->list_obfs_global, 0, sizeof(void *));
++            // SSR end
++
++            listen_ctx->loop    = loop;
++
++            ev_io_init(&listen_ctx->io, accept_cb, listenfd, EV_READ);
++            ev_io_start(loop, &listen_ctx->io);
++        }
++
++        // Setup UDP
++        if (mode != TCP_ONLY) {
++            init_udprelay(server_host[index], server_port, mtu, m,
++                          auth, atoi(timeout), iface, protocol, protocol_param);
++        }
++
++        if (host && strcmp(host, ":") > 0)
++            LOGI("listening at [%s]:%s", host, server_port);
++        else
++            LOGI("listening at %s:%s", host ? host : "*", server_port);
++    }
++
++    if (manager_address != NULL) {
++        ev_timer_init(&stat_update_watcher, stat_update_cb, UPDATE_INTERVAL, UPDATE_INTERVAL);
++        ev_timer_start(EV_DEFAULT, &stat_update_watcher);
++    }
++
++    ev_timer_init(&block_list_watcher, block_list_clear_cb, UPDATE_INTERVAL, UPDATE_INTERVAL);
++    ev_timer_start(EV_DEFAULT, &block_list_watcher);
++
++    // setuid
++    if (user != NULL && ! run_as(user)) {
++        FATAL("failed to switch user");
++    }
++
++#ifndef __MINGW32__
++    if (geteuid() == 0){
++        LOGI("running from root user");
++    } else if (firewall) {
++        LOGE("firewall setup requires running from root user");
++        exit(-1);
++    }
++#endif
++
++    // init block list
++    init_block_list(firewall);
++
++    // Init connections
++    cork_dllist_init(&connections);
++
++    // start ev loop
++    ev_run(loop, 0);
++
++    if (verbose) {
++        LOGI("closed gracefully");
++    }
++
++    // Free block list
++    free_block_list();
++
++    if (manager_address != NULL) {
++        ev_timer_stop(EV_DEFAULT, &stat_update_watcher);
++    }
++    ev_timer_stop(EV_DEFAULT, &block_list_watcher);
++
++    // Clean up
++    for (int i = 0; i <= server_num; i++) {
++        listen_ctx_t *listen_ctx = &listen_ctx_list[i];
++        if (mode != UDP_ONLY) {
++            ev_io_stop(loop, &listen_ctx->io);
++            close(listen_ctx->fd);
++        }
++    }
++
++    if (mode != UDP_ONLY) {
++        free_connections(loop);
++    }
++
++    if (mode != TCP_ONLY) {
++        free_udprelay();
++    }
++
++    resolv_shutdown(loop);
++
++#ifdef __MINGW32__
++    winsock_cleanup();
++#endif
++
++    ev_signal_stop(EV_DEFAULT, &sigint_watcher);
++    ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
++
++    return 0;
++}
+diff --git a/server/server.h b/server/server.h
+new file mode 100644
+index 0000000..4cd3cf6
+--- /dev/null
++++ b/server/server.h
+@@ -0,0 +1,115 @@
++/*
++ * server.h - Define shadowsocks server's buffers and callbacks
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#ifndef _SERVER_H
++#define _SERVER_H
++
++#include <ev.h>
++#include <time.h>
++#include <libcork/ds.h>
++
++#include "encrypt.h"
++#include "jconf.h"
++#include "resolv.h"
++#include "obfs.h"
++#include "protocol.h"
++
++#include "common.h"
++
++typedef struct listen_ctx {
++    ev_io io;
++    int fd;
++    int timeout;
++    int method;
++    char *iface;
++    struct ev_loop *loop;
++
++    // SSR
++    char *protocol_name;
++    char *protocol_param;
++    char *obfs_name;
++    char *obfs_param;
++    void **list_protocol_global;
++    void **list_obfs_global;
++} listen_ctx_t;
++
++typedef struct server_ctx {
++    ev_io io;
++    ev_timer watcher;
++    int connected;
++    struct server *server;
++} server_ctx_t;
++
++typedef struct server {
++    int fd;
++    int stage;
++    buffer_t *buf;
++    ssize_t buf_capacity;
++    buffer_t *header_buf;
++
++    int auth;
++    struct chunk *chunk;
++
++    struct enc_ctx *e_ctx;
++    struct enc_ctx *d_ctx;
++    struct server_ctx *recv_ctx;
++    struct server_ctx *send_ctx;
++    struct listen_ctx *listen_ctx;
++    struct remote *remote;
++
++    struct ResolvQuery *query;
++
++    struct cork_dllist_item entries;
++
++    // SSR
++    obfs *protocol;
++    obfs *obfs;
++    obfs_class *protocol_plugin;
++    obfs_class *obfs_plugin;
++    int obfs_compatible_state;
++    int protocol_compatible_state;
++} server_t;
++
++typedef struct query {
++    server_t *server;
++    char hostname[257];
++} query_t;
++
++typedef struct remote_ctx {
++    ev_io io;
++    int connected;
++    struct remote *remote;
++} remote_ctx_t;
++
++typedef struct remote {
++    int fd;
++    buffer_t *buf;
++    ssize_t buf_capacity;
++    struct remote_ctx *recv_ctx;
++    struct remote_ctx *send_ctx;
++    struct server *server;
++
++    // SSR
++    int remote_index;
++} remote_t;
++
++#endif // _SERVER_H
+diff --git a/server/tls.c b/server/tls.c
+new file mode 100644
+index 0000000..5c42216
+--- /dev/null
++++ b/server/tls.c
+@@ -0,0 +1,263 @@
++/*
++ * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright notice,
++ *    this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ */
++/*
++ * This is a minimal TLS implementation intended only to parse the server name
++ * extension.  This was created based primarily on Wireshark dissection of a
++ * TLS handshake and RFC4366.
++ */
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <stdio.h>
++#include <stdlib.h> /* malloc() */
++#include <string.h> /* strncpy() */
++
++#ifndef __MINGW32__
++#include <sys/socket.h>
++#else
++#include <win32.h>
++#endif
++
++#include "tls.h"
++#include "protocol.h"
++#include "utils.h"
++
++#define SERVER_NAME_LEN 256
++#define TLS_HEADER_LEN 5
++#define TLS_HANDSHAKE_CONTENT_TYPE 0x16
++#define TLS_HANDSHAKE_TYPE_CLIENT_HELLO 0x01
++
++#ifndef MIN
++#define MIN(X, Y) ((X) < (Y) ? (X) : (Y))
++#endif
++
++extern int verbose;
++
++static int parse_tls_header(const char *, size_t, char **);
++static int parse_extensions(const char *, size_t, char **);
++static int parse_server_name_extension(const char *, size_t, char **);
++
++static const protocol_t tls_protocol_st = {
++    .default_port =               443,
++    .parse_packet = &parse_tls_header,
++};
++const protocol_t *const tls_protocol = &tls_protocol_st;
++
++/* Parse a TLS packet for the Server Name Indication extension in the client
++ * hello handshake, returning the first servername found (pointer to static
++ * array)
++ *
++ * Returns:
++ *  >=0  - length of the hostname and updates *hostname
++ *         caller is responsible for freeing *hostname
++ *  -1   - Incomplete request
++ *  -2   - No Host header included in this request
++ *  -3   - Invalid hostname pointer
++ *  -4   - malloc failure
++ *  < -4 - Invalid TLS client hello
++ */
++static int
++parse_tls_header(const char *data, size_t data_len, char **hostname)
++{
++    char tls_content_type;
++    char tls_version_major;
++    char tls_version_minor;
++    size_t pos = TLS_HEADER_LEN;
++    size_t len;
++
++    if (hostname == NULL)
++        return -3;
++
++    /* Check that our TCP payload is at least large enough for a TLS header */
++    if (data_len < TLS_HEADER_LEN)
++        return -1;
++
++    /* SSL 2.0 compatible Client Hello
++     *
++     * High bit of first byte (length) and content type is Client Hello
++     *
++     * See RFC5246 Appendix E.2
++     */
++    if (data[0] & 0x80 && data[2] == 1) {
++        if (verbose)
++            LOGI("Received SSL 2.0 Client Hello which can not support SNI.");
++        return -2;
++    }
++
++    tls_content_type = data[0];
++    if (tls_content_type != TLS_HANDSHAKE_CONTENT_TYPE) {
++        if (verbose)
++            LOGI("Request did not begin with TLS handshake.");
++        return -5;
++    }
++
++    tls_version_major = data[1];
++    tls_version_minor = data[2];
++    if (tls_version_major < 3) {
++        if (verbose)
++            LOGI("Received SSL %d.%d handshake which can not support SNI.",
++                 tls_version_major, tls_version_minor);
++
++        return -2;
++    }
++
++    /* TLS record length */
++    len = ((unsigned char)data[3] << 8) +
++          (unsigned char)data[4] + TLS_HEADER_LEN;
++    data_len = MIN(data_len, len);
++
++    /* Check we received entire TLS record length */
++    if (data_len < len)
++        return -1;
++
++    /*
++     * Handshake
++     */
++    if (pos + 1 > data_len) {
++        return -5;
++    }
++    if (data[pos] != TLS_HANDSHAKE_TYPE_CLIENT_HELLO) {
++        if (verbose)
++            LOGI("Not a client hello");
++
++        return -5;
++    }
++
++    /* Skip past fixed length records:
++     * 1	Handshake Type
++     * 3	Length
++     * 2	Version (again)
++     * 32	Random
++     * to	Session ID Length
++     */
++    pos += 38;
++
++    /* Session ID */
++    if (pos + 1 > data_len)
++        return -5;
++    len  = (unsigned char)data[pos];
++    pos += 1 + len;
++
++    /* Cipher Suites */
++    if (pos + 2 > data_len)
++        return -5;
++    len  = ((unsigned char)data[pos] << 8) + (unsigned char)data[pos + 1];
++    pos += 2 + len;
++
++    /* Compression Methods */
++    if (pos + 1 > data_len)
++        return -5;
++    len  = (unsigned char)data[pos];
++    pos += 1 + len;
++
++    if (pos == data_len && tls_version_major == 3 && tls_version_minor == 0) {
++        if (verbose)
++            LOGI("Received SSL 3.0 handshake without extensions");
++        return -2;
++    }
++
++    /* Extensions */
++    if (pos + 2 > data_len)
++        return -5;
++    len  = ((unsigned char)data[pos] << 8) + (unsigned char)data[pos + 1];
++    pos += 2;
++
++    if (pos + len > data_len)
++        return -5;
++    return parse_extensions(data + pos, len, hostname);
++}
++
++static int
++parse_extensions(const char *data, size_t data_len, char **hostname)
++{
++    size_t pos = 0;
++    size_t len;
++
++    /* Parse each 4 bytes for the extension header */
++    while (pos + 4 <= data_len) {
++        /* Extension Length */
++        len = ((unsigned char)data[pos + 2] << 8) +
++              (unsigned char)data[pos + 3];
++
++        /* Check if it's a server name extension */
++        if (data[pos] == 0x00 && data[pos + 1] == 0x00) {
++            /* There can be only one extension of each type, so we break
++             * our state and move p to beinnging of the extension here */
++            if (pos + 4 + len > data_len)
++                return -5;
++            return parse_server_name_extension(data + pos + 4, len, hostname);
++        }
++        pos += 4 + len; /* Advance to the next extension header */
++    }
++    /* Check we ended where we expected to */
++    if (pos != data_len)
++        return -5;
++
++    return -2;
++}
++
++static int
++parse_server_name_extension(const char *data, size_t data_len,
++                            char **hostname)
++{
++    size_t pos = 2; /* skip server name list length */
++    size_t len;
++
++    while (pos + 3 < data_len) {
++        len = ((unsigned char)data[pos + 1] << 8) +
++              (unsigned char)data[pos + 2];
++
++        if (pos + 3 + len > data_len)
++            return -5;
++
++        switch (data[pos]) { /* name type */
++        case 0x00:     /* host_name */
++            *hostname = malloc(len + 1);
++            if (*hostname == NULL) {
++                ERROR("malloc() failure");
++                return -4;
++            }
++
++            strncpy(*hostname, data + pos + 3, len);
++
++            (*hostname)[len] = '\0';
++
++            return len;
++        default:
++            if (verbose)
++                LOGI("Unknown server name extension name type: %d",
++                     data[pos]);
++        }
++        pos += 3 + len;
++    }
++    /* Check we ended where we expected to */
++    if (pos != data_len)
++        return -5;
++
++    return -2;
++}
+diff --git a/server/tls.h b/server/tls.h
+new file mode 100644
+index 0000000..3998913
+--- /dev/null
++++ b/server/tls.h
+@@ -0,0 +1,33 @@
++/*
++ * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright notice,
++ *    this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
++ */
++#ifndef TLS_H
++#define TLS_H
++
++#include "protocol.h"
++
++const protocol_t *const tls_protocol;
++
++#endif
+diff --git a/server/tls1.2_ticket.c b/server/tls1.2_ticket.c
+new file mode 100644
+index 0000000..88970c0
+--- /dev/null
++++ b/server/tls1.2_ticket.c
+@@ -0,0 +1,609 @@
++
++#include "tls1.2_ticket.h"
++#include "list.c"
++
++typedef struct tls12_ticket_auth_global_data {
++    uint8_t local_client_id[32];
++    List client_data;
++    time_t startup_time;
++}tls12_ticket_auth_global_data;
++
++typedef struct tls12_ticket_auth_local_data {
++    int handshake_status;
++    char *send_buffer;
++    int send_buffer_size;
++    char *recv_buffer;
++    int recv_buffer_size;
++}tls12_ticket_auth_local_data;
++
++void tls12_ticket_auth_local_data_init(tls12_ticket_auth_local_data* local) {
++    local->handshake_status = 0;
++    local->send_buffer = malloc(0);
++    local->send_buffer_size = 0;
++    local->recv_buffer = malloc(0);
++    local->recv_buffer_size = 0;
++}
++
++void * tls12_ticket_auth_init_data() {
++    tls12_ticket_auth_global_data *global = (tls12_ticket_auth_global_data*)malloc(sizeof(tls12_ticket_auth_global_data));
++    rand_bytes(global->local_client_id, 32);
++    global->client_data = list_init(22);
++    global->startup_time = time(NULL);
++    return global;
++}
++
++obfs * tls12_ticket_auth_new_obfs() {
++    obfs * self = new_obfs();
++    self->l_data = malloc(sizeof(tls12_ticket_auth_local_data));
++    tls12_ticket_auth_local_data_init((tls12_ticket_auth_local_data*)self->l_data);
++    return self;
++}
++
++void tls12_ticket_auth_dispose(obfs *self) {
++    tls12_ticket_auth_local_data *local = (tls12_ticket_auth_local_data*)self->l_data;
++    if (local->send_buffer != NULL) {
++        free(local->send_buffer);
++        local->send_buffer = NULL;
++    }
++    if (local->recv_buffer != NULL) {
++        free(local->recv_buffer);
++        local->recv_buffer = NULL;
++    }
++    free(local);
++    dispose_obfs(self);
++}
++
++int tls12_ticket_pack_auth_data(tls12_ticket_auth_global_data *global, server_info *server, char *outdata) {
++    int out_size = 32;
++    time_t t = time(NULL);
++    outdata[0] = t >> 24;
++    outdata[1] = t >> 16;
++    outdata[2] = t >> 8;
++    outdata[3] = t;
++    rand_bytes((uint8_t*)outdata + 4, 18);
++
++    uint8_t *key = (uint8_t*)malloc(server->key_len + 32);
++    char hash[ONETIMEAUTH_BYTES * 2];
++    memcpy(key, server->key, server->key_len);
++    memcpy(key + server->key_len, global->local_client_id, 32);
++    ss_sha1_hmac_with_key(hash, outdata, out_size - OBFS_HMAC_SHA1_LEN, key, server->key_len + 32);
++    free(key);
++    memcpy(outdata + out_size - OBFS_HMAC_SHA1_LEN, hash, OBFS_HMAC_SHA1_LEN);
++    return out_size;
++}
++
++void tls12_ticket_auth_pack_data(char *encryptdata, int datalength, int start, int len, char *out_buffer, int outlength) {
++    out_buffer[outlength] = 0x17;
++    out_buffer[outlength + 1] = 0x3;
++    out_buffer[outlength + 2] = 0x3;
++    out_buffer[outlength + 3] = len >> 8;
++    out_buffer[outlength + 4] = len;
++    memcpy(out_buffer + outlength + 5, encryptdata + start, len);
++}
++
++int tls12_ticket_auth_client_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity) {
++    char *encryptdata = *pencryptdata;
++    tls12_ticket_auth_local_data *local = (tls12_ticket_auth_local_data*)self->l_data;
++    tls12_ticket_auth_global_data *global = (tls12_ticket_auth_global_data*)self->server.g_data;
++    char * out_buffer = NULL;
++
++    if (local->handshake_status == 8) {
++        if (datalength < 1024) {
++            if (*capacity < datalength + 5) {
++                *pencryptdata = (char*)realloc(*pencryptdata, *capacity = (datalength + 5) * 2);
++                encryptdata = *pencryptdata;
++            }
++            memmove(encryptdata + 5, encryptdata, datalength);
++            encryptdata[0] = 0x17;
++            encryptdata[1] = 0x3;
++            encryptdata[2] = 0x3;
++            encryptdata[3] = datalength >> 8;
++            encryptdata[4] = datalength;
++            return datalength + 5;
++        } else {
++            out_buffer = (char*)malloc(datalength + 2048);
++            int start = 0;
++            int outlength = 0;
++            int len;
++            while (datalength - start > 2048) {
++                len = xorshift128plus() % 4096 + 100;
++                if (len > datalength - start)
++                    len = datalength - start;
++                tls12_ticket_auth_pack_data(encryptdata, datalength, start, len, out_buffer, outlength);
++                outlength += len + 5;
++                start += len;
++            }
++            if (datalength - start > 0) {
++                len = datalength - start;
++                tls12_ticket_auth_pack_data(encryptdata, datalength, start, len, out_buffer, outlength);
++                outlength += len + 5;
++            }
++            if (*capacity < outlength) {
++                *pencryptdata = (char*)realloc(*pencryptdata, *capacity = outlength * 2);
++                encryptdata = *pencryptdata;
++            }
++            memcpy(encryptdata, out_buffer, outlength);
++            free(out_buffer);
++            return outlength;
++        }
++    }
++    local->send_buffer = (char*)realloc(local->send_buffer, local->send_buffer_size + datalength + 5);
++    memcpy(local->send_buffer + local->send_buffer_size + 5, encryptdata, datalength);
++    local->send_buffer[local->send_buffer_size] = 0x17;
++    local->send_buffer[local->send_buffer_size + 1] = 0x3;
++    local->send_buffer[local->send_buffer_size + 2] = 0x3;
++    local->send_buffer[local->send_buffer_size + 3] = datalength >> 8;
++    local->send_buffer[local->send_buffer_size + 4] = datalength;
++    local->send_buffer_size += datalength + 5;
++
++    if (local->handshake_status == 0) {
++#define CSTR_DECL(name, len, str) const char* name = str; const int len = sizeof(str) - 1;
++        CSTR_DECL(tls_data0, tls_data0_len, "\x00\x1c\xc0\x2b\xc0\x2f\xcc\xa9\xcc\xa8\xcc\x14\xcc\x13\xc0\x0a\xc0\x14\xc0\x09\xc0\x13\x00\x9c\x00\x35\x00\x2f\x00\x0a\x01\x00"
++                );
++        CSTR_DECL(tls_data1, tls_data1_len, "\xff\x01\x00\x01\x00"
++                );
++        CSTR_DECL(tls_data2, tls_data2_len, "\x00\x17\x00\x00\x00\x23\x00\xd0");
++        CSTR_DECL(tls_data3, tls_data3_len, "\x00\x0d\x00\x16\x00\x14\x06\x01\x06\x03\x05\x01\x05\x03\x04\x01\x04\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x12\x00\x00\x75\x50\x00\x00\x00\x0b\x00\x02\x01\x00\x00\x0a\x00\x06\x00\x04\x00\x17\x00\x18"
++                //"00150066000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" // padding
++                );
++        uint8_t tls_data[2048];
++        int tls_data_len = 0;
++        memcpy(tls_data, tls_data1, tls_data1_len);
++        tls_data_len += tls_data1_len;
++
++        char hosts[1024];
++        char * phost[128];
++        int host_num = 0;
++        int pos;
++
++        char sni[256] = {0};
++        if (self->server.param && strlen(self->server.param) == 0)
++            self->server.param = NULL;
++        strncpy(hosts, self->server.param ? self->server.param : self->server.host, sizeof hosts);
++        phost[host_num++] = hosts;
++        for (pos = 0; hosts[pos]; ++pos) {
++            if (hosts[pos] == ',') {
++                phost[host_num++] = &hosts[pos + 1];
++            }
++        }
++        host_num = xorshift128plus() % host_num;
++
++        sprintf(sni, "%s", phost[host_num]);
++        int sni_len = strlen(sni);
++        if (sni_len > 0 && sni[sni_len - 1] >= '0' && sni[sni_len - 1] <= '9')
++            sni_len = 0;
++        tls_data[tls_data_len] = '\0';
++        tls_data[tls_data_len + 1] = '\0';
++        tls_data[tls_data_len + 2] = (sni_len + 5) >> 8;
++        tls_data[tls_data_len + 3] = (sni_len + 5);
++        tls_data[tls_data_len + 4] = (sni_len + 3) >> 8;
++        tls_data[tls_data_len + 5] = (sni_len + 3);
++        tls_data[tls_data_len + 6] = '\0';
++        tls_data[tls_data_len + 7] = sni_len >> 8;
++        tls_data[tls_data_len + 8] = sni_len;
++        memcpy(tls_data + tls_data_len + 9, sni, sni_len);
++        tls_data_len += 9 + sni_len;
++        memcpy(tls_data + tls_data_len, tls_data2, tls_data2_len);
++        tls_data_len += tls_data2_len;
++        rand_bytes(tls_data + tls_data_len, 208);
++        tls_data_len += 208;
++        memcpy(tls_data + tls_data_len, tls_data3, tls_data3_len);
++        tls_data_len += tls_data3_len;
++
++        datalength = 11 + 32 + 1 + 32 + tls_data0_len + 2 + tls_data_len;
++        out_buffer = (char*)malloc(datalength);
++        char *pdata = out_buffer + datalength - tls_data_len;
++        int len = tls_data_len;
++        memcpy(pdata, tls_data, tls_data_len);
++        pdata[-1] = tls_data_len;
++        pdata[-2] = tls_data_len >> 8;
++        pdata -= 2; len += 2;
++        memcpy(pdata - tls_data0_len, tls_data0, tls_data0_len);
++        pdata -= tls_data0_len; len += tls_data0_len;
++        memcpy(pdata - 32, global->local_client_id, 32);
++        pdata -= 32; len += 32;
++        pdata[-1] = 0x20;
++        pdata -= 1; len += 1;
++        tls12_ticket_pack_auth_data(global, &self->server, pdata - 32);
++        pdata -= 32; len += 32;
++        pdata[-1] = 0x3;
++        pdata[-2] = 0x3; // tls version
++        pdata -= 2; len += 2;
++        pdata[-1] = len;
++        pdata[-2] = len >> 8;
++        pdata[-3] = 0;
++        pdata[-4] = 1;
++        pdata -= 4; len += 4;
++
++        pdata[-1] = len;
++        pdata[-2] = len >> 8;
++        pdata -= 2; len += 2;
++        pdata[-1] = 0x1;
++        pdata[-2] = 0x3; // tls version
++        pdata -= 2; len += 2;
++        pdata[-1] = 0x16; // tls handshake
++        pdata -= 1; len += 1;
++
++        local->handshake_status = 1;
++    } else if (datalength == 0) {
++        datalength = local->send_buffer_size + 43;
++        out_buffer = (char*)malloc(datalength);
++        char *pdata = out_buffer;
++        memcpy(pdata, "\x14\x03\x03\x00\x01\x01", 6);
++        pdata += 6;
++        memcpy(pdata, "\x16\x03\x03\x00\x20", 5);
++        pdata += 5;
++        rand_bytes((uint8_t*)pdata, 22);
++        pdata += 22;
++
++        uint8_t *key = (uint8_t*)malloc(self->server.key_len + 32);
++        char hash[ONETIMEAUTH_BYTES * 2];
++        memcpy(key, self->server.key, self->server.key_len);
++        memcpy(key + self->server.key_len, global->local_client_id, 32);
++        ss_sha1_hmac_with_key(hash, out_buffer, pdata - out_buffer, key, self->server.key_len + 32);
++        free(key);
++        memcpy(pdata, hash, OBFS_HMAC_SHA1_LEN);
++
++        pdata += OBFS_HMAC_SHA1_LEN;
++        memcpy(pdata, local->send_buffer, local->send_buffer_size);
++        free(local->send_buffer);
++        local->send_buffer = NULL;
++
++        local->handshake_status = 8;
++    } else {
++        return 0;
++    }
++    if (*capacity < datalength) {
++        *pencryptdata = (char*)realloc(*pencryptdata, *capacity = datalength * 2);
++        encryptdata = *pencryptdata;
++    }
++    memmove(encryptdata, out_buffer, datalength);
++    free(out_buffer);
++    return datalength;
++}
++
++int tls12_ticket_auth_server_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity) {
++    char *encryptdata = *pencryptdata;
++    tls12_ticket_auth_local_data *local = (tls12_ticket_auth_local_data*)self->l_data;
++    tls12_ticket_auth_global_data *global = (tls12_ticket_auth_global_data*)self->server.g_data;
++    char * out_buffer = NULL;
++
++    if (local->handshake_status == 8) {
++        if (datalength < 1024) {
++            if (*capacity < datalength + 5) {
++                *pencryptdata = (char*)realloc(*pencryptdata, *capacity = (datalength + 5) * 2);
++                encryptdata = *pencryptdata;
++            }
++            memmove(encryptdata + 5, encryptdata, datalength);
++            encryptdata[0] = 0x17;
++            encryptdata[1] = 0x3;
++            encryptdata[2] = 0x3;
++            encryptdata[3] = datalength >> 8;
++            encryptdata[4] = datalength;
++            return datalength + 5;
++        } else {
++            out_buffer = (char*)malloc(datalength + 2048);
++            int start = 0;
++            int outlength = 0;
++            int len;
++            while (datalength - start > 2048) {
++                len = xorshift128plus() % 4096 + 100;
++                if (len > datalength - start)
++                    len = datalength - start;
++                tls12_ticket_auth_pack_data(encryptdata, datalength, start, len, out_buffer, outlength);
++                outlength += len + 5;
++                start += len;
++            }
++            if (datalength - start > 0) {
++                len = datalength - start;
++                tls12_ticket_auth_pack_data(encryptdata, datalength, start, len, out_buffer, outlength);
++                outlength += len + 5;
++            }
++            if (*capacity < outlength) {
++                *pencryptdata = (char*)realloc(*pencryptdata, *capacity = outlength * 2);
++                encryptdata = *pencryptdata;
++            }
++            memcpy(encryptdata, out_buffer, outlength);
++            free(out_buffer);
++            return outlength;
++        }
++    }
++
++    local->handshake_status = 3;
++
++    out_buffer = (char*)malloc(43 + 86);
++    int data_len = 0;
++    char *p_data = out_buffer + 86;
++
++    memcpy(p_data - 10, "\xc0\x2f\x00\x00\x05\xff\x01\x00\x01\x00", 10);
++    p_data -= 10;data_len += 10;
++
++    memcpy(p_data - 32, global->local_client_id, 32);
++    p_data -= 32;data_len += 32;
++
++    p_data[-1] = 0x20;
++    p_data -= 1;data_len += 1;
++
++    tls12_ticket_pack_auth_data(global, &self->server, p_data - 32);
++    p_data -= 32;data_len += 32;
++
++    p_data[-1] = 0x3;
++    p_data[-2] = 0x3; // tls version
++    p_data -= 2;data_len += 2;
++
++    p_data[-1] = data_len;
++    p_data[-2] = data_len >> 8;
++    p_data[-3] = 0x00;
++    p_data[-4] = 0x02;
++    p_data -= 4; data_len += 4;
++
++    p_data[-1] = data_len;
++    p_data[-2] = data_len >> 8;
++    p_data[-3] = 0x03;
++    p_data[-4] = 0x03;
++    p_data[-5] = 0x16;
++    p_data -= 5; data_len += 5;
++
++    memcpy(out_buffer, p_data, data_len);
++    char *pdata = out_buffer + 86;
++
++    memcpy(pdata, "\x14\x03\x03\x00\x01\x01", 6);
++    pdata += 6;
++    memcpy(pdata, "\x16\x03\x03\x00\x20", 5);
++    pdata += 5;
++    rand_bytes((uint8_t*)pdata, 22);
++    pdata += 22;
++
++    uint8_t *key = (uint8_t*)malloc(self->server.key_len + 32);
++    char hash[ONETIMEAUTH_BYTES * 2];
++    memcpy(key, self->server.key, self->server.key_len);
++    memcpy(key + self->server.key_len, global->local_client_id, 32);
++    ss_sha1_hmac_with_key(hash, out_buffer, 43 + 86, key, self->server.key_len + 32);
++    free(key);
++    memcpy(pdata, hash, OBFS_HMAC_SHA1_LEN);
++
++    memmove(encryptdata, out_buffer, 43 + 86);
++    free(out_buffer);
++    return 43 + 86;
++}
++
++int tls12_ticket_auth_client_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback) {
++    char *encryptdata = *pencryptdata;
++    tls12_ticket_auth_local_data *local = (tls12_ticket_auth_local_data*)self->l_data;
++    tls12_ticket_auth_global_data *global = (tls12_ticket_auth_global_data*)self->server.g_data;
++
++    *needsendback = 0;
++
++    if (local->handshake_status == 8) {
++        local->recv_buffer_size += datalength;
++        local->recv_buffer = (char*)realloc(local->recv_buffer, local->recv_buffer_size);
++        memcpy(local->recv_buffer + local->recv_buffer_size - datalength, encryptdata, datalength);
++        datalength = 0;
++        while (local->recv_buffer_size > 5) {
++            if (local->recv_buffer[0] != 0x17)
++                return -1;
++            int size = ((int)(unsigned char)local->recv_buffer[3] << 8) + (unsigned char)local->recv_buffer[4];
++            if (size + 5 > local->recv_buffer_size)
++                break;
++            if (*capacity < datalength + size) {
++                *pencryptdata = (char*)realloc(*pencryptdata, *capacity = (datalength + size) * 2);
++                encryptdata = *pencryptdata;
++            }
++            memcpy(encryptdata + datalength, local->recv_buffer + 5, size);
++            datalength += size;
++            local->recv_buffer_size -= 5 + size;
++            memmove(local->recv_buffer, local->recv_buffer + 5 + size, local->recv_buffer_size);
++        }
++        return datalength;
++    }
++    if (datalength < 11 + 32 + 1 + 32) {
++        return -1;
++    }
++
++    uint8_t *key = (uint8_t*)malloc(self->server.key_len + 32);
++    char hash[ONETIMEAUTH_BYTES * 2];
++    memcpy(key, self->server.key, self->server.key_len);
++    memcpy(key + self->server.key_len, global->local_client_id, 32);
++    ss_sha1_hmac_with_key(hash, encryptdata + 11, 22, key, self->server.key_len + 32);
++    free(key);
++
++    if (memcmp(encryptdata + 33, hash, OBFS_HMAC_SHA1_LEN)) {
++        return -1;
++    }
++
++    *needsendback = 1;
++    return 0;
++}
++
++int tls12_ticket_auth_server_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback) {
++    char *encryptdata = *pencryptdata;
++    tls12_ticket_auth_local_data *local = (tls12_ticket_auth_local_data*)self->l_data;
++    tls12_ticket_auth_global_data *global = (tls12_ticket_auth_global_data*)self->server.g_data;
++
++    *needsendback = 0;
++
++    if (local->handshake_status == 8) {
++        if(datalength != 0)
++        {
++            local->recv_buffer = (char*)realloc(local->recv_buffer, local->recv_buffer_size + datalength);
++            memmove(local->recv_buffer + local->recv_buffer_size, encryptdata, datalength);
++            local->recv_buffer_size += datalength;
++        }
++        datalength = 0;
++
++        while (local->recv_buffer_size > 5) {
++            if (local->recv_buffer[0] != 0x17 || local->recv_buffer[1] != 0x03 || local->recv_buffer[2] != 0x03)
++            {
++                LOGE("server_decode data error, wrong tls version 3");
++                return -1;
++            }
++            int size = ((int)(unsigned char)local->recv_buffer[3] << 8) + (unsigned char)local->recv_buffer[4];
++            if (size + 5 > local->recv_buffer_size)
++                break;
++            if (*capacity < local->recv_buffer_size + size) {
++                *pencryptdata = (char*)realloc(*pencryptdata, *capacity = (local->recv_buffer_size + size) * 2);
++                encryptdata = *pencryptdata;
++            }
++            memcpy(encryptdata + datalength, local->recv_buffer + 5, size);
++            datalength += size;
++            local->recv_buffer_size -= 5 + size;
++            memmove(local->recv_buffer, local->recv_buffer + 5 + size, local->recv_buffer_size);
++        }
++        return datalength;
++    }
++
++    if (local->handshake_status == 3) {
++
++        char *verify = encryptdata;
++
++        if(datalength < 43)
++        {
++            LOGE("server_decode data error, too short:%d", (int)datalength);
++            return -1;
++        }
++
++        if(encryptdata[0] != 0x14 || encryptdata[1] != 0x03 || encryptdata[2] != 0x03 || encryptdata[3] != 0x00 || encryptdata[4] != 0x01 || encryptdata[5] != 0x01)
++        {
++            LOGE("server_decode data error, wrong tls version");
++            return -1;
++        }
++
++        encryptdata += 6;
++
++        if(encryptdata[0] != 0x16 || encryptdata[1] != 0x03 || encryptdata[2] != 0x03 || encryptdata[3] != 0x00 || encryptdata[4] != 0x20)
++        {
++            LOGE("server_decode data error, wrong tls version 2");
++            return -1;
++        }
++
++        uint8_t *key = (uint8_t*)malloc(self->server.key_len + 32);
++        char hash[ONETIMEAUTH_BYTES * 2];
++        memcpy(key, self->server.key, self->server.key_len);
++        memcpy(key + self->server.key_len, global->local_client_id, 32);
++        ss_sha1_hmac_with_key(hash, verify, 33, key, self->server.key_len + 32);
++        free(key);
++
++        if (memcmp(verify + 33, hash, OBFS_HMAC_SHA1_LEN) != 0) {
++            LOGE("server_decode data error, hash Mismatch %d",(int)memcmp(verify + 33, hash, OBFS_HMAC_SHA1_LEN));
++            return -1;
++        }
++
++        local->recv_buffer_size = datalength - 43;
++        local->recv_buffer = (char*)realloc(local->recv_buffer, local->recv_buffer_size);
++        memmove(local->recv_buffer, encryptdata + 37, datalength - 43);
++
++        local->handshake_status = 8;
++        return tls12_ticket_auth_server_decode(self, pencryptdata, 0, capacity, needsendback);
++    }
++
++    local->handshake_status = 2;
++    if(encryptdata[0] != 0x16 || encryptdata[1] != 0x03 || encryptdata[2] != 0x01)
++    {
++        return -1;
++    }
++
++    encryptdata += 3;
++
++    {
++        int size = ((int)(unsigned char)encryptdata[0] << 8) + (unsigned char)encryptdata[1];
++        if(size != datalength - 5)
++        {
++            LOGE("tls_auth wrong tls head size");
++            return -1;
++        }
++    }
++
++    encryptdata += 2;
++
++    if(encryptdata[0] != 0x01 || encryptdata[1] != 0x00)
++    {
++        LOGE("tls_auth not client hello message");
++        return -1;
++    }
++
++    encryptdata += 2;
++
++    {
++        int size = ((int)(unsigned char)encryptdata[0] << 8) + (unsigned char)encryptdata[1];
++        if(size != datalength - 9)
++        {
++            LOGE("tls_auth wrong message size");
++            return -1;
++        }
++    }
++
++    encryptdata += 2;
++
++    if(encryptdata[0] != 0x03 || encryptdata[1] != 0x03)
++    {
++        LOGE("tls_auth wrong tls version");
++        return -1;
++    }
++
++    encryptdata += 2;
++
++    char *verifyid = encryptdata;
++
++    encryptdata += 32;
++
++    int sessionid_len = encryptdata[0];
++    if(sessionid_len < 32)
++    {
++        LOGE("tls_auth wrong sessionid_len");
++        return -1;
++    }
++
++    char *sessionid = encryptdata + 1;
++    memcpy(global->local_client_id , sessionid, sessionid_len);
++
++    uint8_t *key = (uint8_t*)malloc(self->server.key_len + sessionid_len);
++    char hash[ONETIMEAUTH_BYTES * 2];
++    memcpy(key, self->server.key, self->server.key_len);
++    memcpy(key + self->server.key_len, global->local_client_id, sessionid_len);
++    ss_sha1_hmac_with_key(hash, verifyid, 22, key, self->server.key_len + sessionid_len);
++    free(key);
++
++    encryptdata += (sessionid_len + 1);
++
++    long utc_time = ((int)(unsigned char)verifyid[0] << 24) + ((int)(unsigned char)verifyid[1] << 16) + ((int)(unsigned char)verifyid[2] << 8) + (unsigned char)verifyid[3];
++    time_t t = time(NULL);
++
++
++    if (self->server.param && strlen(self->server.param) == 0)
++    {
++        self->server.param = NULL;
++    }
++
++    int max_time_dif = 0;
++    int time_dif = utc_time - t;
++    if(self->server.param)
++    {
++        max_time_dif = atoi(self->server.param);
++    }
++
++    if(max_time_dif > 0 && (time_dif < -max_time_dif || time_dif > max_time_dif || utc_time - global->startup_time < -max_time_dif / 2))
++    {
++        LOGE("tls_auth wrong time");
++        return -1;
++    }
++
++    if (memcmp(verifyid + 22, hash, OBFS_HMAC_SHA1_LEN)) {
++        LOGE("tls_auth wrong sha1");
++        return -1;
++    }
++
++    int search_result = global->client_data->have_same_cmp(global->client_data, verifyid);
++    if(search_result != 0)
++    {
++        LOGE("replay attack detect!");
++        return -1;
++    }
++
++    global->client_data->add_back(global->client_data, verifyid);
++
++    encryptdata += 48;
++
++    *needsendback = 1;
++
++    return 0;
++}
+diff --git a/server/tls1.2_ticket.h b/server/tls1.2_ticket.h
+new file mode 100644
+index 0000000..10a57c9
+--- /dev/null
++++ b/server/tls1.2_ticket.h
+@@ -0,0 +1,20 @@
++/*
++ * http_simple.h - Define shadowsocksR server's buffers and callbacks
++ *
++ * Copyright (C) 2015 - 2016, Break Wa11 <mmgac001@gmail.com>
++ */
++
++#ifndef _TLS1_2_TICKET_H
++#define _TLS1_2_TICKET_H
++
++void * tls12_ticket_auth_init_data();
++obfs * tls12_ticket_auth_new_obfs();
++void tls12_ticket_auth_dispose(obfs *self);
++
++int tls12_ticket_auth_client_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity);
++int tls12_ticket_auth_client_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback);
++
++int tls12_ticket_auth_server_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity);
++int tls12_ticket_auth_server_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback);
++
++#endif // _TLS1_2_TICKET_H
+diff --git a/server/udprelay.c b/server/udprelay.c
+new file mode 100644
+index 0000000..d9251ee
+--- /dev/null
++++ b/server/udprelay.c
+@@ -0,0 +1,1452 @@
++/*
++ * udprelay.c - Setup UDP relay for both client and server
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <fcntl.h>
++#include <locale.h>
++#include <signal.h>
++#include <string.h>
++#include <strings.h>
++#include <time.h>
++#include <unistd.h>
++
++#ifndef __MINGW32__
++#include <arpa/inet.h>
++#include <errno.h>
++#include <netdb.h>
++#include <netinet/in.h>
++#include <pthread.h>
++#endif
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#if defined(HAVE_SYS_IOCTL_H) && defined(HAVE_NET_IF_H) && defined(__linux__)
++#include <net/if.h>
++#include <sys/ioctl.h>
++#define SET_INTERFACE
++#endif
++
++#ifdef __MINGW32__
++#include "win32.h"
++#endif
++
++#include <libcork/core.h>
++#include <udns.h>
++
++#include "utils.h"
++#include "netutils.h"
++#include "cache.h"
++#include "udprelay.h"
++
++#ifdef MODULE_REMOTE
++#define MAX_UDP_CONN_NUM 512
++#else
++#define MAX_UDP_CONN_NUM 256
++#endif
++
++#ifdef MODULE_REMOTE
++#ifdef MODULE_
++#error "MODULE_REMOTE and MODULE_LOCAL should not be both defined"
++#endif
++#endif
++
++#ifndef EAGAIN
++#define EAGAIN EWOULDBLOCK
++#endif
++
++#ifndef EWOULDBLOCK
++#define EWOULDBLOCK EAGAIN
++#endif
++
++static void server_recv_cb(EV_P_ ev_io *w, int revents);
++static void remote_recv_cb(EV_P_ ev_io *w, int revents);
++static void remote_timeout_cb(EV_P_ ev_timer *watcher, int revents);
++
++static char *hash_key(const int af, const struct sockaddr_storage *addr);
++#ifdef MODULE_REMOTE
++static void query_resolve_cb(struct sockaddr *addr, void *data);
++#endif
++static void close_and_free_remote(EV_P_ remote_ctx_t *ctx);
++static remote_ctx_t *new_remote(int fd, server_ctx_t *server_ctx);
++
++#ifdef ANDROID
++extern uint64_t tx;
++extern uint64_t rx;
++extern int vpn;
++#endif
++
++extern int verbose;
++#ifdef MODULE_REMOTE
++extern uint64_t tx;
++extern uint64_t rx;
++#endif
++
++static int packet_size                               = DEFAULT_PACKET_SIZE;
++static int buf_size                                  = DEFAULT_PACKET_SIZE * 2;
++static int server_num                                = 0;
++static server_ctx_t *server_ctx_list[MAX_REMOTE_NUM] = { NULL };
++
++#ifndef __MINGW32__
++static int
++setnonblocking(int fd)
++{
++    int flags;
++    if (-1 == (flags = fcntl(fd, F_GETFL, 0))) {
++        flags = 0;
++    }
++    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
++}
++
++#endif
++
++#if defined(MODULE_REMOTE) && defined(SO_BROADCAST)
++static int
++set_broadcast(int socket_fd)
++{
++    int opt = 1;
++    return setsockopt(socket_fd, SOL_SOCKET, SO_BROADCAST, &opt, sizeof(opt));
++}
++
++#endif
++
++#ifdef SO_NOSIGPIPE
++static int
++set_nosigpipe(int socket_fd)
++{
++    int opt = 1;
++    return setsockopt(socket_fd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
++}
++
++#endif
++
++#ifdef MODULE_REDIR
++
++#ifndef IP_TRANSPARENT
++#define IP_TRANSPARENT       19
++#endif
++
++#ifndef IP_RECVORIGDSTADDR
++#define IP_RECVORIGDSTADDR   20
++#endif
++
++static int
++get_dstaddr(struct msghdr *msg, struct sockaddr_storage *dstaddr)
++{
++    struct cmsghdr *cmsg;
++
++    for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
++        if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVORIGDSTADDR) {
++            memcpy(dstaddr, CMSG_DATA(cmsg), sizeof(struct sockaddr_in));
++            dstaddr->ss_family = AF_INET;
++            return 0;
++        } else if (cmsg->cmsg_level == SOL_IPV6 && cmsg->cmsg_type == IP_RECVORIGDSTADDR) {
++            memcpy(dstaddr, CMSG_DATA(cmsg), sizeof(struct sockaddr_in6));
++            dstaddr->ss_family = AF_INET6;
++            return 0;
++        }
++    }
++
++    return 1;
++}
++
++#endif
++
++#define HASH_KEY_LEN sizeof(struct sockaddr_storage) + sizeof(int)
++static char *
++hash_key(const int af, const struct sockaddr_storage *addr)
++{
++    size_t addr_len = sizeof(struct sockaddr_storage);
++    static char key[HASH_KEY_LEN];
++
++    memset(key, 0, HASH_KEY_LEN);
++    memcpy(key, &af, sizeof(int));
++    memcpy(key + sizeof(int), (const uint8_t *)addr, addr_len);
++
++    return key;
++}
++
++#if defined(MODULE_REDIR) || defined(MODULE_REMOTE)
++static int
++construct_udprealy_header(const struct sockaddr_storage *in_addr,
++                          char *addr_header)
++{
++    int addr_header_len = 0;
++    if (in_addr->ss_family == AF_INET) {
++        struct sockaddr_in *addr = (struct sockaddr_in *)in_addr;
++        size_t addr_len          = sizeof(struct in_addr);
++        addr_header[addr_header_len++] = 1;
++        memcpy(addr_header + addr_header_len, &addr->sin_addr, addr_len);
++        addr_header_len += addr_len;
++        memcpy(addr_header + addr_header_len, &addr->sin_port, 2);
++        addr_header_len += 2;
++    } else if (in_addr->ss_family == AF_INET6) {
++        struct sockaddr_in6 *addr = (struct sockaddr_in6 *)in_addr;
++        size_t addr_len           = sizeof(struct in6_addr);
++        addr_header[addr_header_len++] = 4;
++        memcpy(addr_header + addr_header_len, &addr->sin6_addr, addr_len);
++        addr_header_len += addr_len;
++        memcpy(addr_header + addr_header_len, &addr->sin6_port, 2);
++        addr_header_len += 2;
++    } else {
++        return 0;
++    }
++    return addr_header_len;
++}
++
++#endif
++
++static int
++parse_udprealy_header(const char *buf, const size_t buf_len,
++                      char *host, char *port, struct sockaddr_storage *storage)
++{
++    const uint8_t atyp = *(uint8_t *)buf;
++    int offset         = 1;
++
++    // get remote addr and port
++    if ((atyp & ADDRTYPE_MASK) == 1) {
++        // IP V4
++        size_t in_addr_len = sizeof(struct in_addr);
++        if (buf_len >= in_addr_len + 3) {
++            if (storage != NULL) {
++                struct sockaddr_in *addr = (struct sockaddr_in *)storage;
++                addr->sin_family = AF_INET;
++                addr->sin_addr   = *(struct in_addr *)(buf + offset);
++                addr->sin_port   = *(uint16_t *)(buf + offset + in_addr_len);
++            }
++            if (host != NULL) {
++                dns_ntop(AF_INET, (const void *)(buf + offset),
++                         host, INET_ADDRSTRLEN);
++            }
++            offset += in_addr_len;
++        }
++    } else if ((atyp & ADDRTYPE_MASK) == 3) {
++        // Domain name
++        uint8_t name_len = *(uint8_t *)(buf + offset);
++        if (name_len + 4 <= buf_len) {
++            if (storage != NULL) {
++                char tmp[257] = { 0 };
++                struct cork_ip ip;
++                memcpy(tmp, buf + offset + 1, name_len);
++                if (cork_ip_init(&ip, tmp) != -1) {
++                    if (ip.version == 4) {
++                        struct sockaddr_in *addr = (struct sockaddr_in *)storage;
++                        dns_pton(AF_INET, tmp, &(addr->sin_addr));
++                        addr->sin_port   = *(uint16_t *)(buf + offset + 1 + name_len);
++                        addr->sin_family = AF_INET;
++                    } else if (ip.version == 6) {
++                        struct sockaddr_in6 *addr = (struct sockaddr_in6 *)storage;
++                        dns_pton(AF_INET, tmp, &(addr->sin6_addr));
++                        addr->sin6_port   = *(uint16_t *)(buf + offset + 1 + name_len);
++                        addr->sin6_family = AF_INET6;
++                    }
++                }
++            }
++            if (host != NULL) {
++                memcpy(host, buf + offset + 1, name_len);
++            }
++            offset += 1 + name_len;
++        }
++    } else if ((atyp & ADDRTYPE_MASK) == 4) {
++        // IP V6
++        size_t in6_addr_len = sizeof(struct in6_addr);
++        if (buf_len >= in6_addr_len + 3) {
++            if (storage != NULL) {
++                struct sockaddr_in6 *addr = (struct sockaddr_in6 *)storage;
++                addr->sin6_family = AF_INET6;
++                addr->sin6_addr   = *(struct in6_addr *)(buf + offset);
++                addr->sin6_port   = *(uint16_t *)(buf + offset + in6_addr_len);
++            }
++            if (host != NULL) {
++                dns_ntop(AF_INET6, (const void *)(buf + offset),
++                         host, INET6_ADDRSTRLEN);
++            }
++            offset += in6_addr_len;
++        }
++    }
++
++    if (offset == 1) {
++        LOGE("[udp] invalid header with addr type %d", atyp);
++        return 0;
++    }
++
++    if (port != NULL) {
++        sprintf(port, "%d", ntohs(*(uint16_t *)(buf + offset)));
++    }
++    offset += 2;
++
++    return offset;
++}
++
++static char *
++get_addr_str(const struct sockaddr *sa)
++{
++    static char s[SS_ADDRSTRLEN];
++    memset(s, 0, SS_ADDRSTRLEN);
++    char addr[INET6_ADDRSTRLEN] = { 0 };
++    char port[PORTSTRLEN]       = { 0 };
++    uint16_t p;
++
++    switch (sa->sa_family) {
++    case AF_INET:
++        dns_ntop(AF_INET, &(((struct sockaddr_in *)sa)->sin_addr),
++                 addr, INET_ADDRSTRLEN);
++        p = ntohs(((struct sockaddr_in *)sa)->sin_port);
++        sprintf(port, "%d", p);
++        break;
++
++    case AF_INET6:
++        dns_ntop(AF_INET6, &(((struct sockaddr_in6 *)sa)->sin6_addr),
++                 addr, INET6_ADDRSTRLEN);
++        p = ntohs(((struct sockaddr_in *)sa)->sin_port);
++        sprintf(port, "%d", p);
++        break;
++
++    default:
++        strncpy(s, "Unknown AF", SS_ADDRSTRLEN);
++    }
++
++    int addr_len = strlen(addr);
++    int port_len = strlen(port);
++    memcpy(s, addr, addr_len);
++    memcpy(s + addr_len + 1, port, port_len);
++    s[addr_len] = ':';
++
++    return s;
++}
++
++int
++create_remote_socket(int ipv6)
++{
++    int remote_sock;
++
++    if (ipv6) {
++        // Try to bind IPv6 first
++        struct sockaddr_in6 addr;
++        memset(&addr, 0, sizeof(struct sockaddr_in6));
++        addr.sin6_family = AF_INET6;
++        addr.sin6_addr   = in6addr_any;
++        addr.sin6_port   = 0;
++        remote_sock      = socket(AF_INET6, SOCK_DGRAM, 0);
++        if (remote_sock == -1) {
++            ERROR("[udp] cannot create socket");
++            return -1;
++        }
++        if (bind(remote_sock, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
++            FATAL("[udp] cannot bind remote");
++            return -1;
++        }
++    } else {
++        // Or else bind to IPv4
++        struct sockaddr_in addr;
++        memset(&addr, 0, sizeof(struct sockaddr_in));
++        addr.sin_family      = AF_INET;
++        addr.sin_addr.s_addr = INADDR_ANY;
++        addr.sin_port        = 0;
++        remote_sock          = socket(AF_INET, SOCK_DGRAM, 0);
++        if (remote_sock == -1) {
++            ERROR("[udp] cannot create socket");
++            return -1;
++        }
++
++        if (bind(remote_sock, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
++            FATAL("[udp] cannot bind remote");
++            return -1;
++        }
++    }
++    return remote_sock;
++}
++
++int
++create_server_socket(const char *host, const char *port)
++{
++    struct addrinfo hints;
++    struct addrinfo *result, *rp, *ipv4v6bindall;
++    int s, server_sock;
++
++    memset(&hints, 0, sizeof(struct addrinfo));
++    hints.ai_family   = AF_UNSPEC;               /* Return IPv4 and IPv6 choices */
++    hints.ai_socktype = SOCK_DGRAM;              /* We want a UDP socket */
++    hints.ai_flags    = AI_PASSIVE | AI_ADDRCONFIG; /* For wildcard IP address */
++    hints.ai_protocol = IPPROTO_UDP;
++
++    s = getaddrinfo(host, port, &hints, &result);
++    if (s != 0) {
++        LOGE("[udp] getaddrinfo: %s", gai_strerror(s));
++        return -1;
++    }
++
++    rp = result;
++
++    /*
++     * On Linux, with net.ipv6.bindv6only = 0 (the default), getaddrinfo(NULL) with
++     * AI_PASSIVE returns 0.0.0.0 and :: (in this order). AI_PASSIVE was meant to
++     * return a list of addresses to listen on, but it is impossible to listen on
++     * 0.0.0.0 and :: at the same time, if :: implies dualstack mode.
++     */
++    if (!host) {
++        ipv4v6bindall = result;
++
++        /* Loop over all address infos found until a IPV6 address is found. */
++        while (ipv4v6bindall) {
++            if (ipv4v6bindall->ai_family == AF_INET6) {
++                rp = ipv4v6bindall; /* Take first IPV6 address available */
++                break;
++            }
++            ipv4v6bindall = ipv4v6bindall->ai_next; /* Get next address info, if any */
++        }
++    }
++
++    for (/*rp = result*/; rp != NULL; rp = rp->ai_next) {
++        server_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
++        if (server_sock == -1) {
++            continue;
++        }
++
++        if (rp->ai_family == AF_INET6) {
++            int ipv6only = host ? 1 : 0;
++            setsockopt(server_sock, IPPROTO_IPV6, IPV6_V6ONLY, &ipv6only, sizeof(ipv6only));
++        }
++
++        int opt = 1;
++        setsockopt(server_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
++#ifdef SO_NOSIGPIPE
++        set_nosigpipe(server_sock);
++#endif
++        int err = set_reuseport(server_sock);
++        if (err == 0) {
++            LOGI("udp port reuse enabled");
++        }
++#ifdef IP_TOS
++        // Set QoS flag
++        int tos = 46;
++        setsockopt(server_sock, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
++#endif
++
++#ifdef MODULE_REDIR
++        if (setsockopt(server_sock, SOL_IP, IP_TRANSPARENT, &opt, sizeof(opt))) {
++            ERROR("[udp] setsockopt IP_TRANSPARENT");
++            exit(EXIT_FAILURE);
++        }
++        if (setsockopt(server_sock, IPPROTO_IP, IP_RECVORIGDSTADDR, &opt, sizeof(opt))) {
++            FATAL("[udp] setsockopt IP_RECVORIGDSTADDR");
++        }
++#endif
++
++        s = bind(server_sock, rp->ai_addr, rp->ai_addrlen);
++        if (s == 0) {
++            /* We managed to bind successfully! */
++            break;
++        } else {
++            ERROR("[udp] bind");
++        }
++
++        close(server_sock);
++    }
++
++    if (rp == NULL) {
++        LOGE("[udp] cannot bind");
++        return -1;
++    }
++
++    freeaddrinfo(result);
++
++    return server_sock;
++}
++
++remote_ctx_t *
++new_remote(int fd, server_ctx_t *server_ctx)
++{
++    remote_ctx_t *ctx = ss_malloc(sizeof(remote_ctx_t));
++    memset(ctx, 0, sizeof(remote_ctx_t));
++
++    ctx->fd         = fd;
++    ctx->server_ctx = server_ctx;
++
++    ev_io_init(&ctx->io, remote_recv_cb, fd, EV_READ);
++    ev_timer_init(&ctx->watcher, remote_timeout_cb, server_ctx->timeout,
++                  server_ctx->timeout);
++
++    return ctx;
++}
++
++server_ctx_t *
++new_server_ctx(int fd)
++{
++    server_ctx_t *ctx = ss_malloc(sizeof(server_ctx_t));
++    memset(ctx, 0, sizeof(server_ctx_t));
++
++    ctx->fd = fd;
++
++    ev_io_init(&ctx->io, server_recv_cb, fd, EV_READ);
++
++    return ctx;
++}
++
++#ifdef MODULE_REMOTE
++struct query_ctx *
++new_query_ctx(char *buf, size_t len)
++{
++    struct query_ctx *ctx = ss_malloc(sizeof(struct query_ctx));
++    memset(ctx, 0, sizeof(struct query_ctx));
++    ctx->buf = ss_malloc(sizeof(buffer_t));
++    balloc(ctx->buf, len);
++    memcpy(ctx->buf->array, buf, len);
++    ctx->buf->len = len;
++    return ctx;
++}
++
++void
++close_and_free_query(EV_P_ struct query_ctx *ctx)
++{
++    if (ctx != NULL) {
++        if (ctx->query != NULL) {
++            resolv_cancel(ctx->query);
++            ctx->query = NULL;
++        }
++        if (ctx->buf != NULL) {
++            bfree(ctx->buf);
++            ss_free(ctx->buf);
++        }
++        ss_free(ctx);
++    }
++}
++
++#endif
++
++void
++close_and_free_remote(EV_P_ remote_ctx_t *ctx)
++{
++    if (ctx != NULL) {
++        ev_timer_stop(EV_A_ & ctx->watcher);
++        ev_io_stop(EV_A_ & ctx->io);
++        close(ctx->fd);
++        ss_free(ctx);
++    }
++}
++
++static void
++remote_timeout_cb(EV_P_ ev_timer *watcher, int revents)
++{
++    remote_ctx_t *remote_ctx
++        = cork_container_of(watcher, remote_ctx_t, watcher);
++
++    if (verbose) {
++        LOGI("[udp] connection timeout");
++    }
++
++    char *key = hash_key(remote_ctx->af, &remote_ctx->src_addr);
++    cache_remove(remote_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN);
++}
++
++#ifdef MODULE_REMOTE
++static void
++query_resolve_cb(struct sockaddr *addr, void *data)
++{
++    struct query_ctx *query_ctx = (struct query_ctx *)data;
++    struct ev_loop *loop        = query_ctx->server_ctx->loop;
++
++    if (verbose) {
++        LOGI("[udp] udns resolved");
++    }
++
++    query_ctx->query = NULL;
++
++    if (addr == NULL) {
++        LOGE("[udp] udns returned an error");
++    } else {
++        remote_ctx_t *remote_ctx = query_ctx->remote_ctx;
++        int cache_hit            = 0;
++
++        // Lookup in the conn cache
++        if (remote_ctx == NULL) {
++            char *key = hash_key(AF_UNSPEC, &query_ctx->src_addr);
++            cache_lookup(query_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)&remote_ctx);
++        }
++
++        if (remote_ctx == NULL) {
++            int remotefd = create_remote_socket(addr->sa_family == AF_INET6);
++            if (remotefd != -1) {
++                setnonblocking(remotefd);
++#ifdef SO_BROADCAST
++                set_broadcast(remotefd);
++#endif
++#ifdef SO_NOSIGPIPE
++                set_nosigpipe(remotefd);
++#endif
++#ifdef IP_TOS
++                // Set QoS flag
++                int tos = 46;
++                setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
++#endif
++#ifdef SET_INTERFACE
++                if (query_ctx->server_ctx->iface) {
++                    if (setinterface(remotefd, query_ctx->server_ctx->iface) == -1)
++                        ERROR("setinterface");
++                }
++#endif
++                remote_ctx                  = new_remote(remotefd, query_ctx->server_ctx);
++                remote_ctx->src_addr        = query_ctx->src_addr;
++                remote_ctx->server_ctx      = query_ctx->server_ctx;
++                remote_ctx->addr_header_len = query_ctx->addr_header_len;
++                memcpy(remote_ctx->addr_header, query_ctx->addr_header,
++                       query_ctx->addr_header_len);
++            } else {
++                ERROR("[udp] bind() error");
++            }
++        } else {
++            cache_hit = 1;
++        }
++
++        if (remote_ctx != NULL) {
++            memcpy(&remote_ctx->dst_addr, addr, sizeof(struct sockaddr_storage));
++
++            size_t addr_len = get_sockaddr_len(addr);
++            int s           = sendto(remote_ctx->fd, query_ctx->buf->array, query_ctx->buf->len,
++                                     0, addr, addr_len);
++
++            if (s == -1) {
++                ERROR("[udp] sendto_remote");
++                if (!cache_hit) {
++                    close_and_free_remote(EV_A_ remote_ctx);
++                }
++            } else {
++                if (!cache_hit) {
++                    // Add to conn cache
++                    char *key = hash_key(AF_UNSPEC, &remote_ctx->src_addr);
++                    cache_insert(query_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
++                    ev_io_start(EV_A_ & remote_ctx->io);
++                    ev_timer_start(EV_A_ & remote_ctx->watcher);
++                }
++            }
++        }
++    }
++
++    // clean up
++    close_and_free_query(EV_A_ query_ctx);
++}
++
++#endif
++
++static void
++remote_recv_cb(EV_P_ ev_io *w, int revents)
++{
++    ssize_t r;
++    remote_ctx_t *remote_ctx = (remote_ctx_t *)w;
++    server_ctx_t *server_ctx = remote_ctx->server_ctx;
++
++    // server has been closed
++    if (server_ctx == NULL) {
++        LOGE("[udp] invalid server");
++        close_and_free_remote(EV_A_ remote_ctx);
++        return;
++    }
++
++    struct sockaddr_storage src_addr;
++    socklen_t src_addr_len = sizeof(struct sockaddr_storage);
++    memset(&src_addr, 0, src_addr_len);
++
++    buffer_t *buf = ss_malloc(sizeof(buffer_t));
++    balloc(buf, buf_size);
++
++    // recv
++    r = recvfrom(remote_ctx->fd, buf->array, buf_size, 0, (struct sockaddr *)&src_addr, &src_addr_len);
++
++    if (r == -1) {
++        // error on recv
++        // simply drop that packet
++        ERROR("[udp] remote_recv_recvfrom");
++        goto CLEAN_UP;
++    } else if (r > packet_size) {
++        LOGE("[udp] remote_recv_recvfrom fragmentation");
++        goto CLEAN_UP;
++    }
++
++    buf->len = r;
++
++#ifdef MODULE_LOCAL
++    int err = ss_decrypt_all(buf, server_ctx->method, 0, buf_size);
++    if (err) {
++        // drop the packet silently
++        goto CLEAN_UP;
++    }
++
++    //SSR beg
++    if (server_ctx->protocol_plugin) {
++        obfs_class *protocol_plugin = server_ctx->protocol_plugin;
++        if (protocol_plugin->client_udp_post_decrypt) {
++            buf->len = protocol_plugin->client_udp_post_decrypt(server_ctx->protocol, &buf->array, buf->len, &buf->capacity);
++            if ((int)buf->len < 0) {
++                LOGE("client_udp_post_decrypt");
++                close_and_free_remote(EV_A_ remote_ctx);
++                return;
++            }
++            if ( buf->len == 0 )
++                return;
++        }
++    }
++    // SSR end
++
++#ifdef MODULE_REDIR
++    struct sockaddr_storage dst_addr;
++    memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
++    int len = parse_udprealy_header(buf->array, buf->len, NULL, NULL, &dst_addr);
++
++    if (dst_addr.ss_family != AF_INET && dst_addr.ss_family != AF_INET6) {
++        LOGI("[udp] ss-redir does not support domain name");
++        goto CLEAN_UP;
++    }
++
++    if (verbose) {
++        char src[SS_ADDRSTRLEN];
++        char dst[SS_ADDRSTRLEN];
++        strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
++        strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr));
++        LOGI("[udp] recv %s via %s", dst, src);
++    }
++#else
++    int len = parse_udprealy_header(buf->array, buf->len, NULL, NULL, NULL);
++#endif
++
++    if (len == 0) {
++        LOGI("[udp] error in parse header");
++        // error in parse header
++        goto CLEAN_UP;
++    }
++
++    // server may return using a different address type other than the type we
++    // have used during sending
++#if defined(MODULE_TUNNEL) || defined(MODULE_REDIR)
++    // Construct packet
++    buf->len -= len;
++    memmove(buf->array, buf->array + len, buf->len);
++#else
++#ifdef ANDROID
++    rx += buf->len;
++#endif
++    // Construct packet
++    brealloc(buf, buf->len + 3, buf_size);
++    memmove(buf->array + 3, buf->array, buf->len);
++    memset(buf->array, 0, 3);
++    buf->len += 3;
++#endif
++
++#endif
++
++#ifdef MODULE_REMOTE
++
++    rx += buf->len;
++
++    char addr_header_buf[512];
++    char *addr_header   = remote_ctx->addr_header;
++    int addr_header_len = remote_ctx->addr_header_len;
++
++    if (remote_ctx->af == AF_INET || remote_ctx->af == AF_INET6) {
++        addr_header_len = construct_udprealy_header(&src_addr, addr_header_buf);
++        addr_header     = addr_header_buf;
++    }
++
++    // Construct packet
++    brealloc(buf, buf->len + addr_header_len, buf_size);
++    memmove(buf->array + addr_header_len, buf->array, buf->len);
++    memcpy(buf->array, addr_header, addr_header_len);
++    buf->len += addr_header_len;
++
++    int err = ss_encrypt_all(buf, server_ctx->method, 0, buf_size);
++    if (err) {
++        // drop the packet silently
++        goto CLEAN_UP;
++    }
++
++#endif
++
++    if (buf->len > packet_size) {
++        LOGE("[udp] remote_recv_sendto fragmentation");
++        goto CLEAN_UP;
++    }
++
++    size_t remote_src_addr_len = get_sockaddr_len((struct sockaddr *)&remote_ctx->src_addr);
++
++#ifdef MODULE_REDIR
++
++    size_t remote_dst_addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);
++
++    int src_fd = socket(remote_ctx->src_addr.ss_family, SOCK_DGRAM, 0);
++    if (src_fd < 0) {
++        ERROR("[udp] remote_recv_socket");
++        goto CLEAN_UP;
++    }
++    int opt = 1;
++    if (setsockopt(src_fd, SOL_IP, IP_TRANSPARENT, &opt, sizeof(opt))) {
++        ERROR("[udp] remote_recv_setsockopt");
++        close(src_fd);
++        goto CLEAN_UP;
++    }
++    if (setsockopt(src_fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt))) {
++        ERROR("[udp] remote_recv_setsockopt");
++        close(src_fd);
++        goto CLEAN_UP;
++    }
++#ifdef IP_TOS
++    // Set QoS flag
++    int tos = 46;
++    setsockopt(src_fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
++#endif
++    if (bind(src_fd, (struct sockaddr *)&dst_addr, remote_dst_addr_len) != 0) {
++        ERROR("[udp] remote_recv_bind");
++        close(src_fd);
++        goto CLEAN_UP;
++    }
++
++    int s = sendto(src_fd, buf->array, buf->len, 0,
++                   (struct sockaddr *)&remote_ctx->src_addr, remote_src_addr_len);
++    if (s == -1) {
++        ERROR("[udp] remote_recv_sendto");
++        close(src_fd);
++        goto CLEAN_UP;
++    }
++    close(src_fd);
++
++#else
++
++    int s = sendto(server_ctx->fd, buf->array, buf->len, 0,
++                   (struct sockaddr *)&remote_ctx->src_addr, remote_src_addr_len);
++    if (s == -1) {
++        ERROR("[udp] remote_recv_sendto");
++        goto CLEAN_UP;
++    }
++
++#endif
++
++    // handle the UDP packet successfully,
++    // triger the timer
++    ev_timer_again(EV_A_ & remote_ctx->watcher);
++
++CLEAN_UP:
++
++    bfree(buf);
++    ss_free(buf);
++}
++
++static void
++server_recv_cb(EV_P_ ev_io *w, int revents)
++{
++    server_ctx_t *server_ctx = (server_ctx_t *)w;
++    struct sockaddr_storage src_addr;
++    memset(&src_addr, 0, sizeof(struct sockaddr_storage));
++
++    buffer_t *buf = ss_malloc(sizeof(buffer_t));
++    balloc(buf, buf_size);
++
++    socklen_t src_addr_len = sizeof(struct sockaddr_storage);
++    unsigned int offset    = 0;
++
++#ifdef MODULE_REDIR
++    char control_buffer[64] = { 0 };
++    struct msghdr msg;
++    memset(&msg, 0, sizeof(struct msghdr));
++    struct iovec iov[1];
++    struct sockaddr_storage dst_addr;
++    memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
++
++    msg.msg_name       = &src_addr;
++    msg.msg_namelen    = src_addr_len;
++    msg.msg_control    = control_buffer;
++    msg.msg_controllen = sizeof(control_buffer);
++
++    iov[0].iov_base = buf->array;
++    iov[0].iov_len  = buf_size;
++    msg.msg_iov     = iov;
++    msg.msg_iovlen  = 1;
++
++    buf->len = recvmsg(server_ctx->fd, &msg, 0);
++    if (buf->len == -1) {
++        ERROR("[udp] server_recvmsg");
++        goto CLEAN_UP;
++    } else if (buf->len > packet_size) {
++        ERROR("[udp] UDP server_recv_recvmsg fragmentation");
++        goto CLEAN_UP;
++    }
++
++    if (get_dstaddr(&msg, &dst_addr)) {
++        LOGE("[udp] unable to get dest addr");
++        goto CLEAN_UP;
++    }
++
++    src_addr_len = msg.msg_namelen;
++#else
++    ssize_t r;
++    r = recvfrom(server_ctx->fd, buf->array, buf_size,
++                 0, (struct sockaddr *)&src_addr, &src_addr_len);
++
++    if (r == -1) {
++        // error on recv
++        // simply drop that packet
++        ERROR("[udp] server_recv_recvfrom");
++        goto CLEAN_UP;
++    } else if (r > packet_size) {
++        ERROR("[udp] server_recv_recvfrom fragmentation");
++        goto CLEAN_UP;
++    }
++
++    buf->len = r;
++#endif
++
++#ifdef MODULE_REMOTE
++    tx += buf->len;
++
++    int err = ss_decrypt_all(buf, server_ctx->method, server_ctx->auth, buf_size);
++    if (err) {
++        // drop the packet silently
++        goto CLEAN_UP;
++    }
++#endif
++
++#ifdef MODULE_LOCAL
++#if !defined(MODULE_TUNNEL) && !defined(MODULE_REDIR)
++#ifdef ANDROID
++    tx += buf->len;
++#endif
++    uint8_t frag = *(uint8_t *)(buf->array + 2);
++    offset += 3;
++#endif
++#endif
++
++    /*
++     *
++     * SOCKS5 UDP Request
++     * +----+------+------+----------+----------+----------+
++     * |RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
++     * +----+------+------+----------+----------+----------+
++     * | 2  |  1   |  1   | Variable |    2     | Variable |
++     * +----+------+------+----------+----------+----------+
++     *
++     * SOCKS5 UDP Response
++     * +----+------+------+----------+----------+----------+
++     * |RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
++     * +----+------+------+----------+----------+----------+
++     * | 2  |  1   |  1   | Variable |    2     | Variable |
++     * +----+------+------+----------+----------+----------+
++     *
++     * shadowsocks UDP Request (before encrypted)
++     * +------+----------+----------+----------+-------------+
++     * | ATYP | DST.ADDR | DST.PORT |   DATA   |  HMAC-SHA1  |
++     * +------+----------+----------+----------+-------------+
++     * |  1   | Variable |    2     | Variable |     10      |
++     * +------+----------+----------+----------+-------------+
++     *
++     * If ATYP & ONETIMEAUTH_FLAG(0x10) != 0, Authentication (HMAC-SHA1) is enabled.
++     *
++     * The key of HMAC-SHA1 is (IV + KEY) and the input is the whole packet.
++     * The output of HMAC-SHA is truncated to 10 bytes (leftmost bits).
++     *
++     * shadowsocks UDP Response (before encrypted)
++     * +------+----------+----------+----------+
++     * | ATYP | DST.ADDR | DST.PORT |   DATA   |
++     * +------+----------+----------+----------+
++     * |  1   | Variable |    2     | Variable |
++     * +------+----------+----------+----------+
++     *
++     * shadowsocks UDP Request and Response (after encrypted)
++     * +-------+--------------+
++     * |   IV  |    PAYLOAD   |
++     * +-------+--------------+
++     * | Fixed |   Variable   |
++     * +-------+--------------+
++     *
++     */
++
++#ifdef MODULE_REDIR
++    if (verbose) {
++        char src[SS_ADDRSTRLEN];
++        char dst[SS_ADDRSTRLEN];
++        strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
++        strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr));
++        LOGI("[udp] redir to %s from %s", dst, src);
++    }
++
++    char addr_header[512] = { 0 };
++    int addr_header_len   = construct_udprealy_header(&dst_addr, addr_header);
++
++    if (addr_header_len == 0) {
++        LOGE("[udp] failed to parse tproxy addr");
++        goto CLEAN_UP;
++    }
++
++    // reconstruct the buffer
++    brealloc(buf, buf->len + addr_header_len, buf_size);
++    memmove(buf->array + addr_header_len, buf->array, buf->len);
++    memcpy(buf->array, addr_header, addr_header_len);
++    buf->len += addr_header_len;
++
++#elif MODULE_TUNNEL
++
++    char addr_header[512] = { 0 };
++    char *host            = server_ctx->tunnel_addr.host;
++    char *port            = server_ctx->tunnel_addr.port;
++    uint16_t port_num     = (uint16_t)atoi(port);
++    uint16_t port_net_num = htons(port_num);
++    int addr_header_len   = 0;
++
++    struct cork_ip ip;
++    if (cork_ip_init(&ip, host) != -1) {
++        if (ip.version == 4) {
++            // send as IPv4
++            struct in_addr host_addr;
++            memset(&host_addr, 0, sizeof(struct in_addr));
++            int host_len = sizeof(struct in_addr);
++
++            if (dns_pton(AF_INET, host, &host_addr) == -1) {
++                FATAL("IP parser error");
++            }
++            addr_header[addr_header_len++] = 1;
++            memcpy(addr_header + addr_header_len, &host_addr, host_len);
++            addr_header_len += host_len;
++        } else if (ip.version == 6) {
++            // send as IPv6
++            struct in6_addr host_addr;
++            memset(&host_addr, 0, sizeof(struct in6_addr));
++            int host_len = sizeof(struct in6_addr);
++
++            if (dns_pton(AF_INET6, host, &host_addr) == -1) {
++                FATAL("IP parser error");
++            }
++            addr_header[addr_header_len++] = 4;
++            memcpy(addr_header + addr_header_len, &host_addr, host_len);
++            addr_header_len += host_len;
++        } else {
++            FATAL("IP parser error");
++        }
++    } else {
++        // send as domain
++        int host_len = strlen(host);
++
++        addr_header[addr_header_len++] = 3;
++        addr_header[addr_header_len++] = host_len;
++        memcpy(addr_header + addr_header_len, host, host_len);
++        addr_header_len += host_len;
++    }
++    memcpy(addr_header + addr_header_len, &port_net_num, 2);
++    addr_header_len += 2;
++
++    // reconstruct the buffer
++    brealloc(buf, buf->len + addr_header_len, buf_size);
++    memmove(buf->array + addr_header_len, buf->array, buf->len);
++    memcpy(buf->array, addr_header, addr_header_len);
++    buf->len += addr_header_len;
++
++#else
++
++    char host[257] = { 0 };
++    char port[64]  = { 0 };
++    struct sockaddr_storage dst_addr;
++    memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
++
++    int addr_header_len = parse_udprealy_header(buf->array + offset, buf->len - offset,
++                                                host, port, &dst_addr);
++    if (addr_header_len == 0) {
++        // error in parse header
++        goto CLEAN_UP;
++    }
++
++    char *addr_header = buf->array + offset;
++#endif
++
++#ifdef MODULE_LOCAL
++    char *key = hash_key(server_ctx->remote_addr->sa_family, &src_addr);
++#else
++    char *key = hash_key(dst_addr.ss_family, &src_addr);
++#endif
++
++    struct cache *conn_cache = server_ctx->conn_cache;
++
++    remote_ctx_t *remote_ctx = NULL;
++    cache_lookup(conn_cache, key, HASH_KEY_LEN, (void *)&remote_ctx);
++
++    if (remote_ctx != NULL) {
++        if (sockaddr_cmp(&src_addr, &remote_ctx->src_addr, sizeof(src_addr))) {
++            remote_ctx = NULL;
++        }
++    }
++
++    // reset the timer
++    if (remote_ctx != NULL) {
++        ev_timer_again(EV_A_ & remote_ctx->watcher);
++    }
++
++    if (remote_ctx == NULL) {
++        if (verbose) {
++#ifdef MODULE_REDIR
++            char src[SS_ADDRSTRLEN];
++            char dst[SS_ADDRSTRLEN];
++            strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
++            strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr));
++            LOGI("[udp] cache miss: %s <-> %s", dst, src);
++#else
++            LOGI("[udp] cache miss: %s:%s <-> %s", host, port,
++                 get_addr_str((struct sockaddr *)&src_addr));
++#endif
++        }
++    } else {
++        if (verbose) {
++#ifdef MODULE_REDIR
++            char src[SS_ADDRSTRLEN];
++            char dst[SS_ADDRSTRLEN];
++            strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
++            strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr));
++            LOGI("[udp] cache hit: %s <-> %s", dst, src);
++#else
++            LOGI("[udp] cache hit: %s:%s <-> %s", host, port,
++                 get_addr_str((struct sockaddr *)&src_addr));
++#endif
++        }
++    }
++
++#ifdef MODULE_LOCAL
++
++#if !defined(MODULE_TUNNEL) && !defined(MODULE_REDIR)
++    if (frag) {
++        LOGE("[udp] drop a message since frag is not 0, but %d", frag);
++        goto CLEAN_UP;
++    }
++#endif
++
++    const struct sockaddr *remote_addr = server_ctx->remote_addr;
++    const int remote_addr_len          = server_ctx->remote_addr_len;
++
++    if (remote_ctx == NULL) {
++        // Bind to any port
++        int remotefd = create_remote_socket(remote_addr->sa_family == AF_INET6);
++        if (remotefd < 0) {
++            ERROR("[udp] udprelay bind() error");
++            goto CLEAN_UP;
++        }
++        setnonblocking(remotefd);
++
++#ifdef SO_NOSIGPIPE
++        set_nosigpipe(remotefd);
++#endif
++#ifdef IP_TOS
++        // Set QoS flag
++        int tos = 46;
++        setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
++#endif
++#ifdef SET_INTERFACE
++        if (server_ctx->iface) {
++            if (setinterface(remotefd, server_ctx->iface) == -1)
++                ERROR("setinterface");
++        }
++#endif
++
++#ifdef ANDROID
++        if (vpn) {
++            if (protect_socket(remotefd) == -1) {
++                ERROR("protect_socket");
++                close(remotefd);
++                goto CLEAN_UP;
++            }
++        }
++#endif
++
++        // Init remote_ctx
++        remote_ctx                  = new_remote(remotefd, server_ctx);
++        remote_ctx->src_addr        = src_addr;
++        remote_ctx->af              = remote_addr->sa_family;
++        remote_ctx->addr_header_len = addr_header_len;
++        memcpy(remote_ctx->addr_header, addr_header, addr_header_len);
++
++        // Add to conn cache
++        cache_insert(conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
++
++        // Start remote io
++        ev_io_start(EV_A_ & remote_ctx->io);
++        ev_timer_start(EV_A_ & remote_ctx->watcher);
++    }
++
++    if (offset > 0) {
++        buf->len -= offset;
++        memmove(buf->array, buf->array + offset, buf->len);
++    }
++
++    if (server_ctx->auth) {
++        buf->array[0] |= ONETIMEAUTH_FLAG;
++    }
++
++    // SSR beg
++    if (server_ctx->protocol_plugin) {
++        obfs_class *protocol_plugin = server_ctx->protocol_plugin;
++        if (protocol_plugin->client_udp_pre_encrypt) {
++            buf->len = protocol_plugin->client_udp_pre_encrypt(server_ctx->protocol, &buf->array, buf->len, &buf->capacity);
++        }
++    }
++    //SSR end
++
++    int err = ss_encrypt_all(buf, server_ctx->method, server_ctx->auth, buf->len);
++
++    if (err) {
++        // drop the packet silently
++        goto CLEAN_UP;
++    }
++
++    if (buf->len > packet_size) {
++        LOGE("[udp] server_recv_sendto fragmentation");
++        goto CLEAN_UP;
++    }
++
++    int s = sendto(remote_ctx->fd, buf->array, buf->len, 0, remote_addr, remote_addr_len);
++
++    if (s == -1) {
++        ERROR("[udp] server_recv_sendto");
++    }
++
++#else
++
++    int cache_hit  = 0;
++    int need_query = 0;
++
++    if (buf->len - addr_header_len > packet_size) {
++        LOGE("[udp] server_recv_sendto fragmentation");
++        goto CLEAN_UP;
++    }
++
++    if (remote_ctx != NULL) {
++        cache_hit = 1;
++        // detect destination mismatch
++        if (remote_ctx->addr_header_len != addr_header_len
++            || memcmp(addr_header, remote_ctx->addr_header, addr_header_len) != 0) {
++            if (dst_addr.ss_family != AF_INET && dst_addr.ss_family != AF_INET6) {
++                need_query = 1;
++            }
++        } else {
++            memcpy(&dst_addr, &remote_ctx->dst_addr, sizeof(struct sockaddr_storage));
++        }
++    } else {
++        if (dst_addr.ss_family == AF_INET || dst_addr.ss_family == AF_INET6) {
++            int remotefd = create_remote_socket(dst_addr.ss_family == AF_INET6);
++            if (remotefd != -1) {
++                setnonblocking(remotefd);
++#ifdef SO_BROADCAST
++                set_broadcast(remotefd);
++#endif
++#ifdef SO_NOSIGPIPE
++                set_nosigpipe(remotefd);
++#endif
++#ifdef IP_TOS
++                // Set QoS flag
++                int tos = 46;
++                setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
++#endif
++#ifdef SET_INTERFACE
++                if (server_ctx->iface) {
++                    if (setinterface(remotefd, server_ctx->iface) == -1)
++                        ERROR("setinterface");
++                }
++#endif
++                remote_ctx                  = new_remote(remotefd, server_ctx);
++                remote_ctx->src_addr        = src_addr;
++                remote_ctx->server_ctx      = server_ctx;
++                remote_ctx->addr_header_len = addr_header_len;
++                memcpy(remote_ctx->addr_header, addr_header, addr_header_len);
++                memcpy(&remote_ctx->dst_addr, &dst_addr, sizeof(struct sockaddr_storage));
++            } else {
++                ERROR("[udp] bind() error");
++                goto CLEAN_UP;
++            }
++        }
++    }
++
++    if (remote_ctx != NULL && !need_query) {
++        size_t addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);
++        int s           = sendto(remote_ctx->fd, buf->array + addr_header_len,
++                                 buf->len - addr_header_len, 0,
++                                 (struct sockaddr *)&dst_addr, addr_len);
++
++        if (s == -1) {
++            ERROR("[udp] sendto_remote");
++            if (!cache_hit) {
++                close_and_free_remote(EV_A_ remote_ctx);
++            }
++        } else {
++            if (!cache_hit) {
++                // Add to conn cache
++                remote_ctx->af = dst_addr.ss_family;
++                char *key = hash_key(remote_ctx->af, &remote_ctx->src_addr);
++                cache_insert(server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
++
++                ev_io_start(EV_A_ & remote_ctx->io);
++                ev_timer_start(EV_A_ & remote_ctx->watcher);
++            }
++        }
++    } else {
++        struct addrinfo hints;
++        memset(&hints, 0, sizeof(struct addrinfo));
++        hints.ai_family   = AF_UNSPEC;
++        hints.ai_socktype = SOCK_DGRAM;
++        hints.ai_protocol = IPPROTO_UDP;
++
++        struct query_ctx *query_ctx = new_query_ctx(buf->array + addr_header_len,
++                                                    buf->len - addr_header_len);
++        query_ctx->server_ctx      = server_ctx;
++        query_ctx->addr_header_len = addr_header_len;
++        query_ctx->src_addr        = src_addr;
++        memcpy(query_ctx->addr_header, addr_header, addr_header_len);
++
++        if (need_query) {
++            query_ctx->remote_ctx = remote_ctx;
++        }
++
++        struct ResolvQuery *query = resolv_query(host, query_resolve_cb,
++                                                 NULL, query_ctx, htons(atoi(port)));
++        if (query == NULL) {
++            ERROR("[udp] unable to create DNS query");
++            close_and_free_query(EV_A_ query_ctx);
++            goto CLEAN_UP;
++        }
++        query_ctx->query = query;
++    }
++#endif
++
++CLEAN_UP:
++    bfree(buf);
++    ss_free(buf);
++}
++
++void
++free_cb(void *key, void *element)
++{
++    remote_ctx_t *remote_ctx = (remote_ctx_t *)element;
++
++    if (verbose) {
++        LOGI("[udp] one connection freed");
++    }
++
++    close_and_free_remote(EV_DEFAULT, remote_ctx);
++}
++
++int
++init_udprelay(const char *server_host, const char *server_port,
++#ifdef MODULE_LOCAL
++              const struct sockaddr *remote_addr, const int remote_addr_len,
++#ifdef MODULE_TUNNEL
++              const ss_addr_t tunnel_addr,
++#endif
++#endif
++              int mtu, int method, int auth, int timeout, const char *iface, const char *protocol, const char *protocol_param)
++{
++    // Initialize ev loop
++    struct ev_loop *loop = EV_DEFAULT;
++
++    // Initialize MTU
++    if (mtu > 0) {
++        packet_size = mtu - 1 - 28 - 2 - 64;
++        buf_size    = packet_size * 2;
++    }
++
++    // Initialize cache
++    struct cache *conn_cache;
++    cache_create(&conn_cache, MAX_UDP_CONN_NUM, free_cb);
++
++    // ////////////////////////////////////////////////
++    // Setup server context
++
++    // Bind to port
++    int serverfd = create_server_socket(server_host, server_port);
++    if (serverfd < 0) {
++        FATAL("[udp] bind() error");
++    }
++    setnonblocking(serverfd);
++    if (protocol != NULL && strcmp(protocol, "verify_sha1") == 0) {
++        auth = 1;
++        protocol = NULL;
++    }
++
++    server_ctx_t *server_ctx = new_server_ctx(serverfd);
++#ifdef MODULE_REMOTE
++    server_ctx->loop = loop;
++#endif
++    server_ctx->auth       = auth;
++    server_ctx->timeout    = max(timeout, MIN_UDP_TIMEOUT);
++    server_ctx->method     = method;
++    server_ctx->iface      = iface;
++    server_ctx->conn_cache = conn_cache;
++#ifdef MODULE_LOCAL
++    server_ctx->remote_addr     = remote_addr;
++    server_ctx->remote_addr_len = remote_addr_len;
++    //SSR beg
++    server_ctx->protocol_plugin = new_obfs_class((char *)protocol);
++    if (server_ctx->protocol_plugin) {
++        server_ctx->protocol = server_ctx->protocol_plugin->new_obfs();
++        server_ctx->protocol_global = server_ctx->protocol_plugin->init_data();
++    }
++
++    server_info _server_info;
++    memset(&_server_info, 0, sizeof(server_info));
++    strcpy(_server_info.host, inet_ntoa(((struct sockaddr_in*)remote_addr)->sin_addr));
++    _server_info.port = ((struct sockaddr_in*)remote_addr)->sin_port;
++    _server_info.port = _server_info.port >> 8 | _server_info.port << 8;
++    _server_info.g_data = server_ctx->protocol_global;
++    _server_info.param = (char *)protocol_param;
++    _server_info.key = enc_get_key();
++    _server_info.key_len = enc_get_key_len();
++
++    if (server_ctx->protocol_plugin)
++        server_ctx->protocol_plugin->set_server_info(server_ctx->protocol, &_server_info);
++    //SSR end
++#ifdef MODULE_TUNNEL
++    server_ctx->tunnel_addr = tunnel_addr;
++#endif
++#endif
++
++    ev_io_start(loop, &server_ctx->io);
++
++    server_ctx_list[server_num++] = server_ctx;
++
++    return 0;
++}
++
++void
++free_udprelay()
++{
++    struct ev_loop *loop = EV_DEFAULT;
++    while (server_num-- > 0) {
++        server_ctx_t *server_ctx = server_ctx_list[server_num];
++
++#ifdef MODULE_LOCAL
++        //SSR beg
++        if (server_ctx->protocol_plugin) {
++            server_ctx->protocol_plugin->dispose(server_ctx->protocol);
++            server_ctx->protocol = NULL;
++            free_obfs_class(server_ctx->protocol_plugin);
++            server_ctx->protocol_plugin = NULL;
++        }
++        //SSR end
++#endif
++
++        ev_io_stop(loop, &server_ctx->io);
++        close(server_ctx->fd);
++        cache_delete(server_ctx->conn_cache, 0);
++        ss_free(server_ctx);
++        server_ctx_list[server_num] = NULL;
++    }
++}
+diff --git a/server/udprelay.h b/server/udprelay.h
+new file mode 100644
+index 0000000..89876d4
+--- /dev/null
++++ b/server/udprelay.h
+@@ -0,0 +1,95 @@
++/*
++ * udprelay.h - Define UDP relay's buffers and callbacks
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#ifndef _UDPRELAY_H
++#define _UDPRELAY_H
++
++#include <ev.h>
++#include <time.h>
++
++#include "encrypt.h"
++#include "jconf.h"
++#include "obfs.h"
++
++#ifdef MODULE_REMOTE
++#include "resolv.h"
++#endif
++
++#include "cache.h"
++
++#include "common.h"
++
++#define MAX_UDP_PACKET_SIZE (65507)
++
++#define DEFAULT_PACKET_SIZE 1397 // 1492 - 1 - 28 - 2 - 64 = 1397, the default MTU for UDP relay
++
++typedef struct server_ctx {
++    ev_io io;
++    int fd;
++    int method;
++    int auth;
++    int timeout;
++    const char *iface;
++    struct cache *conn_cache;
++#ifdef MODULE_LOCAL
++    const struct sockaddr *remote_addr;
++    int remote_addr_len;
++#ifdef MODULE_TUNNEL
++    ss_addr_t tunnel_addr;
++#endif
++#endif
++#ifdef MODULE_REMOTE
++    struct ev_loop *loop;
++#endif
++    // SSR
++    obfs *protocol;
++    obfs_class *protocol_plugin;
++    void *protocol_global;
++} server_ctx_t;
++
++#ifdef MODULE_REMOTE
++typedef struct query_ctx {
++    struct ResolvQuery *query;
++    struct sockaddr_storage src_addr;
++    buffer_t *buf;
++    int addr_header_len;
++    char addr_header[384];
++    struct server_ctx *server_ctx;
++    struct remote_ctx *remote_ctx;
++} query_ctx_t;
++#endif
++
++typedef struct remote_ctx {
++    ev_io io;
++    ev_timer watcher;
++    int af;
++    int fd;
++    int addr_header_len;
++    char addr_header[384];
++    struct sockaddr_storage src_addr;
++#ifdef MODULE_REMOTE
++    struct sockaddr_storage dst_addr;
++#endif
++    struct server_ctx *server_ctx;
++} remote_ctx_t;
++
++#endif // _UDPRELAY_H
+diff --git a/server/uthash.h b/server/uthash.h
+new file mode 100644
+index 0000000..45d1f9f
+--- /dev/null
++++ b/server/uthash.h
+@@ -0,0 +1,1074 @@
++/*
++Copyright (c) 2003-2016, Troy D. Hanson     http://troydhanson.github.com/uthash/
++All rights reserved.
++
++Redistribution and use in source and binary forms, with or without
++modification, are permitted provided that the following conditions are met:
++
++    * Redistributions of source code must retain the above copyright
++      notice, this list of conditions and the following disclaimer.
++
++THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
++IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
++TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
++PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
++OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
++EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
++PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
++PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
++LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
++NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++*/
++
++#ifndef UTHASH_H
++#define UTHASH_H
++
++#define UTHASH_VERSION 2.0.1
++
++#include <string.h>   /* memcmp,strlen */
++#include <stddef.h>   /* ptrdiff_t */
++#include <stdlib.h>   /* exit() */
++
++/* These macros use decltype or the earlier __typeof GNU extension.
++   As decltype is only available in newer compilers (VS2010 or gcc 4.3+
++   when compiling c++ source) this code uses whatever method is needed
++   or, for VS2008 where neither is available, uses casting workarounds. */
++#if defined(_MSC_VER)   /* MS compiler */
++#if _MSC_VER >= 1600 && defined(__cplusplus)  /* VS2010 or newer in C++ mode */
++#define DECLTYPE(x) (decltype(x))
++#else                   /* VS2008 or older (or VS2010 in C mode) */
++#define NO_DECLTYPE
++#define DECLTYPE(x)
++#endif
++#elif defined(__BORLANDC__) || defined(__LCC__) || defined(__WATCOMC__)
++#define NO_DECLTYPE
++#define DECLTYPE(x)
++#else                   /* GNU, Sun and other compilers */
++#define DECLTYPE(x) (__typeof(x))
++#endif
++
++#ifdef NO_DECLTYPE
++#define DECLTYPE_ASSIGN(dst,src)                                                 \
++do {                                                                             \
++  char **_da_dst = (char**)(&(dst));                                             \
++  *_da_dst = (char*)(src);                                                       \
++} while (0)
++#else
++#define DECLTYPE_ASSIGN(dst,src)                                                 \
++do {                                                                             \
++  (dst) = DECLTYPE(dst)(src);                                                    \
++} while (0)
++#endif
++
++/* a number of the hash function use uint32_t which isn't defined on Pre VS2010 */
++#if defined(_WIN32)
++#if defined(_MSC_VER) && _MSC_VER >= 1600
++#include <stdint.h>
++#elif defined(__WATCOMC__) || defined(__MINGW32__) || defined(__CYGWIN__)
++#include <stdint.h>
++#else
++typedef unsigned int uint32_t;
++typedef unsigned char uint8_t;
++#endif
++#elif defined(__GNUC__) && !defined(__VXWORKS__)
++#include <stdint.h>
++#else
++typedef unsigned int uint32_t;
++typedef unsigned char uint8_t;
++#endif
++
++#ifndef uthash_fatal
++#define uthash_fatal(msg) exit(-1)        /* fatal error (out of memory,etc) */
++#endif
++#ifndef uthash_malloc
++#define uthash_malloc(sz) malloc(sz)      /* malloc fcn                      */
++#endif
++#ifndef uthash_free
++#define uthash_free(ptr,sz) free(ptr)     /* free fcn                        */
++#endif
++#ifndef uthash_strlen
++#define uthash_strlen(s) strlen(s)
++#endif
++#ifndef uthash_memcmp
++#define uthash_memcmp(a,b,n) memcmp(a,b,n)
++#endif
++
++#ifndef uthash_noexpand_fyi
++#define uthash_noexpand_fyi(tbl)          /* can be defined to log noexpand  */
++#endif
++#ifndef uthash_expand_fyi
++#define uthash_expand_fyi(tbl)            /* can be defined to log expands   */
++#endif
++
++/* initial number of buckets */
++#define HASH_INITIAL_NUM_BUCKETS 32U     /* initial number of buckets        */
++#define HASH_INITIAL_NUM_BUCKETS_LOG2 5U /* lg2 of initial number of buckets */
++#define HASH_BKT_CAPACITY_THRESH 10U     /* expand when bucket count reaches */
++
++/* calculate the element whose hash handle address is hhp */
++#define ELMT_FROM_HH(tbl,hhp) ((void*)(((char*)(hhp)) - ((tbl)->hho)))
++/* calculate the hash handle from element address elp */
++#define HH_FROM_ELMT(tbl,elp) ((UT_hash_handle *)(((char*)(elp)) + ((tbl)->hho)))
++
++#define HASH_VALUE(keyptr,keylen,hashv)                                          \
++do {                                                                             \
++  HASH_FCN(keyptr, keylen, hashv);                                               \
++} while (0)
++
++#define HASH_FIND_BYHASHVALUE(hh,head,keyptr,keylen,hashval,out)                 \
++do {                                                                             \
++  (out) = NULL;                                                                  \
++  if (head) {                                                                    \
++    unsigned _hf_bkt;                                                            \
++    HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _hf_bkt);                  \
++    if (HASH_BLOOM_TEST((head)->hh.tbl, hashval) != 0) {                         \
++      HASH_FIND_IN_BKT((head)->hh.tbl, hh, (head)->hh.tbl->buckets[ _hf_bkt ], keyptr, keylen, hashval, out); \
++    }                                                                            \
++  }                                                                              \
++} while (0)
++
++#define HASH_FIND(hh,head,keyptr,keylen,out)                                     \
++do {                                                                             \
++  unsigned _hf_hashv;                                                            \
++  HASH_VALUE(keyptr, keylen, _hf_hashv);                                         \
++  HASH_FIND_BYHASHVALUE(hh, head, keyptr, keylen, _hf_hashv, out);               \
++} while (0)
++
++#ifdef HASH_BLOOM
++#define HASH_BLOOM_BITLEN (1UL << HASH_BLOOM)
++#define HASH_BLOOM_BYTELEN (HASH_BLOOM_BITLEN/8UL) + (((HASH_BLOOM_BITLEN%8UL)!=0UL) ? 1UL : 0UL)
++#define HASH_BLOOM_MAKE(tbl)                                                     \
++do {                                                                             \
++  (tbl)->bloom_nbits = HASH_BLOOM;                                               \
++  (tbl)->bloom_bv = (uint8_t*)uthash_malloc(HASH_BLOOM_BYTELEN);                 \
++  if (!((tbl)->bloom_bv))  { uthash_fatal( "out of memory"); }                   \
++  memset((tbl)->bloom_bv, 0, HASH_BLOOM_BYTELEN);                                \
++  (tbl)->bloom_sig = HASH_BLOOM_SIGNATURE;                                       \
++} while (0)
++
++#define HASH_BLOOM_FREE(tbl)                                                     \
++do {                                                                             \
++  uthash_free((tbl)->bloom_bv, HASH_BLOOM_BYTELEN);                              \
++} while (0)
++
++#define HASH_BLOOM_BITSET(bv,idx) (bv[(idx)/8U] |= (1U << ((idx)%8U)))
++#define HASH_BLOOM_BITTEST(bv,idx) (bv[(idx)/8U] & (1U << ((idx)%8U)))
++
++#define HASH_BLOOM_ADD(tbl,hashv)                                                \
++  HASH_BLOOM_BITSET((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U)))
++
++#define HASH_BLOOM_TEST(tbl,hashv)                                               \
++  HASH_BLOOM_BITTEST((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U)))
++
++#else
++#define HASH_BLOOM_MAKE(tbl)
++#define HASH_BLOOM_FREE(tbl)
++#define HASH_BLOOM_ADD(tbl,hashv)
++#define HASH_BLOOM_TEST(tbl,hashv) (1)
++#define HASH_BLOOM_BYTELEN 0U
++#endif
++
++#define HASH_MAKE_TABLE(hh,head)                                                 \
++do {                                                                             \
++  (head)->hh.tbl = (UT_hash_table*)uthash_malloc(                                \
++                  sizeof(UT_hash_table));                                        \
++  if (!((head)->hh.tbl))  { uthash_fatal( "out of memory"); }                    \
++  memset((head)->hh.tbl, 0, sizeof(UT_hash_table));                              \
++  (head)->hh.tbl->tail = &((head)->hh);                                          \
++  (head)->hh.tbl->num_buckets = HASH_INITIAL_NUM_BUCKETS;                        \
++  (head)->hh.tbl->log2_num_buckets = HASH_INITIAL_NUM_BUCKETS_LOG2;              \
++  (head)->hh.tbl->hho = (char*)(&(head)->hh) - (char*)(head);                    \
++  (head)->hh.tbl->buckets = (UT_hash_bucket*)uthash_malloc(                      \
++          HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket));               \
++  if (! (head)->hh.tbl->buckets) { uthash_fatal( "out of memory"); }             \
++  memset((head)->hh.tbl->buckets, 0,                                             \
++          HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket));               \
++  HASH_BLOOM_MAKE((head)->hh.tbl);                                               \
++  (head)->hh.tbl->signature = HASH_SIGNATURE;                                    \
++} while (0)
++
++#define HASH_REPLACE_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,replaced,cmpfcn) \
++do {                                                                             \
++  (replaced) = NULL;                                                             \
++  HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \
++  if (replaced) {                                                                \
++     HASH_DELETE(hh, head, replaced);                                            \
++  }                                                                              \
++  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn); \
++} while (0)
++
++#define HASH_REPLACE_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add,replaced) \
++do {                                                                             \
++  (replaced) = NULL;                                                             \
++  HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \
++  if (replaced) {                                                                \
++     HASH_DELETE(hh, head, replaced);                                            \
++  }                                                                              \
++  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add); \
++} while (0)
++
++#define HASH_REPLACE(hh,head,fieldname,keylen_in,add,replaced)                   \
++do {                                                                             \
++  unsigned _hr_hashv;                                                            \
++  HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv);                         \
++  HASH_REPLACE_BYHASHVALUE(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced); \
++} while (0)
++
++#define HASH_REPLACE_INORDER(hh,head,fieldname,keylen_in,add,replaced,cmpfcn)    \
++do {                                                                             \
++  unsigned _hr_hashv;                                                            \
++  HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv);                         \
++  HASH_REPLACE_BYHASHVALUE_INORDER(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced, cmpfcn); \
++} while (0)
++
++#define HASH_APPEND_LIST(hh, head, add)                                          \
++do {                                                                             \
++  (add)->hh.next = NULL;                                                         \
++  (add)->hh.prev = ELMT_FROM_HH((head)->hh.tbl, (head)->hh.tbl->tail);           \
++  (head)->hh.tbl->tail->next = (add);                                            \
++  (head)->hh.tbl->tail = &((add)->hh);                                           \
++} while (0)
++
++#define HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh,head,keyptr,keylen_in,hashval,add,cmpfcn) \
++do {                                                                             \
++  unsigned _ha_bkt;                                                              \
++  (add)->hh.hashv = (hashval);                                                   \
++  (add)->hh.key = (char*) (keyptr);                                              \
++  (add)->hh.keylen = (unsigned) (keylen_in);                                     \
++  if (!(head)) {                                                                 \
++    (add)->hh.next = NULL;                                                       \
++    (add)->hh.prev = NULL;                                                       \
++    (head) = (add);                                                              \
++    HASH_MAKE_TABLE(hh, head);                                                   \
++  } else {                                                                       \
++    struct UT_hash_handle *_hs_iter = &(head)->hh;                               \
++    (add)->hh.tbl = (head)->hh.tbl;                                              \
++    do {                                                                         \
++      if (cmpfcn(DECLTYPE(head) ELMT_FROM_HH((head)->hh.tbl, _hs_iter), add) > 0) \
++        break;                                                                   \
++    } while ((_hs_iter = _hs_iter->next));                                       \
++    if (_hs_iter) {                                                              \
++      (add)->hh.next = _hs_iter;                                                 \
++      if (((add)->hh.prev = _hs_iter->prev)) {                                   \
++        HH_FROM_ELMT((head)->hh.tbl, _hs_iter->prev)->next = (add);              \
++      } else {                                                                   \
++        (head) = (add);                                                          \
++      }                                                                          \
++      _hs_iter->prev = (add);                                                    \
++    } else {                                                                     \
++      HASH_APPEND_LIST(hh, head, add);                                           \
++    }                                                                            \
++  }                                                                              \
++  (head)->hh.tbl->num_items++;                                                   \
++  HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt);                    \
++  HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh);                 \
++  HASH_BLOOM_ADD((head)->hh.tbl, hashval);                                       \
++  HASH_EMIT_KEY(hh, head, keyptr, keylen_in);                                    \
++  HASH_FSCK(hh, head);                                                           \
++} while (0)
++
++#define HASH_ADD_KEYPTR_INORDER(hh,head,keyptr,keylen_in,add,cmpfcn)             \
++do {                                                                             \
++  unsigned _hs_hashv;                                                            \
++  HASH_VALUE(keyptr, keylen_in, _hs_hashv);                                      \
++  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, keyptr, keylen_in, _hs_hashv, add, cmpfcn); \
++} while (0)
++
++#define HASH_ADD_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,cmpfcn) \
++  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn)
++
++#define HASH_ADD_INORDER(hh,head,fieldname,keylen_in,add,cmpfcn)                 \
++  HASH_ADD_KEYPTR_INORDER(hh, head, &((add)->fieldname), keylen_in, add, cmpfcn)
++
++#define HASH_ADD_KEYPTR_BYHASHVALUE(hh,head,keyptr,keylen_in,hashval,add)        \
++do {                                                                             \
++  unsigned _ha_bkt;                                                              \
++  (add)->hh.hashv = (hashval);                                                   \
++  (add)->hh.key = (char*) (keyptr);                                              \
++  (add)->hh.keylen = (unsigned) (keylen_in);                                     \
++  if (!(head)) {                                                                 \
++    (add)->hh.next = NULL;                                                       \
++    (add)->hh.prev = NULL;                                                       \
++    (head) = (add);                                                              \
++    HASH_MAKE_TABLE(hh, head);                                                   \
++  } else {                                                                       \
++    (add)->hh.tbl = (head)->hh.tbl;                                              \
++    HASH_APPEND_LIST(hh, head, add);                                             \
++  }                                                                              \
++  (head)->hh.tbl->num_items++;                                                   \
++  HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt);                    \
++  HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh);                 \
++  HASH_BLOOM_ADD((head)->hh.tbl, hashval);                                       \
++  HASH_EMIT_KEY(hh, head, keyptr, keylen_in);                                    \
++  HASH_FSCK(hh, head);                                                           \
++} while (0)
++
++#define HASH_ADD_KEYPTR(hh,head,keyptr,keylen_in,add)                            \
++do {                                                                             \
++  unsigned _ha_hashv;                                                            \
++  HASH_VALUE(keyptr, keylen_in, _ha_hashv);                                      \
++  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, keyptr, keylen_in, _ha_hashv, add);      \
++} while (0)
++
++#define HASH_ADD_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add)            \
++  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add)
++
++#define HASH_ADD(hh,head,fieldname,keylen_in,add)                                \
++  HASH_ADD_KEYPTR(hh, head, &((add)->fieldname), keylen_in, add)
++
++#define HASH_TO_BKT(hashv,num_bkts,bkt)                                          \
++do {                                                                             \
++  bkt = ((hashv) & ((num_bkts) - 1U));                                           \
++} while (0)
++
++/* delete "delptr" from the hash table.
++ * "the usual" patch-up process for the app-order doubly-linked-list.
++ * The use of _hd_hh_del below deserves special explanation.
++ * These used to be expressed using (delptr) but that led to a bug
++ * if someone used the same symbol for the head and deletee, like
++ *  HASH_DELETE(hh,users,users);
++ * We want that to work, but by changing the head (users) below
++ * we were forfeiting our ability to further refer to the deletee (users)
++ * in the patch-up process. Solution: use scratch space to
++ * copy the deletee pointer, then the latter references are via that
++ * scratch pointer rather than through the repointed (users) symbol.
++ */
++#define HASH_DELETE(hh,head,delptr)                                              \
++do {                                                                             \
++    struct UT_hash_handle *_hd_hh_del;                                           \
++    if ( ((delptr)->hh.prev == NULL) && ((delptr)->hh.next == NULL) )  {         \
++        uthash_free((head)->hh.tbl->buckets,                                     \
++                    (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \
++        HASH_BLOOM_FREE((head)->hh.tbl);                                         \
++        uthash_free((head)->hh.tbl, sizeof(UT_hash_table));                      \
++        head = NULL;                                                             \
++    } else {                                                                     \
++        unsigned _hd_bkt;                                                        \
++        _hd_hh_del = &((delptr)->hh);                                            \
++        if ((delptr) == ELMT_FROM_HH((head)->hh.tbl,(head)->hh.tbl->tail)) {     \
++            (head)->hh.tbl->tail =                                               \
++                (UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) +               \
++                (head)->hh.tbl->hho);                                            \
++        }                                                                        \
++        if ((delptr)->hh.prev != NULL) {                                         \
++            ((UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) +                  \
++                    (head)->hh.tbl->hho))->next = (delptr)->hh.next;             \
++        } else {                                                                 \
++            DECLTYPE_ASSIGN(head,(delptr)->hh.next);                             \
++        }                                                                        \
++        if (_hd_hh_del->next != NULL) {                                          \
++            ((UT_hash_handle*)((ptrdiff_t)_hd_hh_del->next +                     \
++                    (head)->hh.tbl->hho))->prev =                                \
++                    _hd_hh_del->prev;                                            \
++        }                                                                        \
++        HASH_TO_BKT( _hd_hh_del->hashv, (head)->hh.tbl->num_buckets, _hd_bkt);   \
++        HASH_DEL_IN_BKT(hh,(head)->hh.tbl->buckets[_hd_bkt], _hd_hh_del);        \
++        (head)->hh.tbl->num_items--;                                             \
++    }                                                                            \
++    HASH_FSCK(hh,head);                                                          \
++} while (0)
++
++
++/* convenience forms of HASH_FIND/HASH_ADD/HASH_DEL */
++#define HASH_FIND_STR(head,findstr,out)                                          \
++    HASH_FIND(hh,head,findstr,(unsigned)uthash_strlen(findstr),out)
++#define HASH_ADD_STR(head,strfield,add)                                          \
++    HASH_ADD(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add)
++#define HASH_REPLACE_STR(head,strfield,add,replaced)                             \
++    HASH_REPLACE(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add,replaced)
++#define HASH_FIND_INT(head,findint,out)                                          \
++    HASH_FIND(hh,head,findint,sizeof(int),out)
++#define HASH_ADD_INT(head,intfield,add)                                          \
++    HASH_ADD(hh,head,intfield,sizeof(int),add)
++#define HASH_REPLACE_INT(head,intfield,add,replaced)                             \
++    HASH_REPLACE(hh,head,intfield,sizeof(int),add,replaced)
++#define HASH_FIND_PTR(head,findptr,out)                                          \
++    HASH_FIND(hh,head,findptr,sizeof(void *),out)
++#define HASH_ADD_PTR(head,ptrfield,add)                                          \
++    HASH_ADD(hh,head,ptrfield,sizeof(void *),add)
++#define HASH_REPLACE_PTR(head,ptrfield,add,replaced)                             \
++    HASH_REPLACE(hh,head,ptrfield,sizeof(void *),add,replaced)
++#define HASH_DEL(head,delptr)                                                    \
++    HASH_DELETE(hh,head,delptr)
++
++/* HASH_FSCK checks hash integrity on every add/delete when HASH_DEBUG is defined.
++ * This is for uthash developer only; it compiles away if HASH_DEBUG isn't defined.
++ */
++#ifdef HASH_DEBUG
++#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
++#define HASH_FSCK(hh,head)                                                       \
++do {                                                                             \
++    struct UT_hash_handle *_thh;                                                 \
++    if (head) {                                                                  \
++        unsigned _bkt_i;                                                         \
++        unsigned _count;                                                         \
++        char *_prev;                                                             \
++        _count = 0;                                                              \
++        for( _bkt_i = 0; _bkt_i < (head)->hh.tbl->num_buckets; _bkt_i++) {       \
++            unsigned _bkt_count = 0;                                             \
++            _thh = (head)->hh.tbl->buckets[_bkt_i].hh_head;                      \
++            _prev = NULL;                                                        \
++            while (_thh) {                                                       \
++               if (_prev != (char*)(_thh->hh_prev)) {                            \
++                   HASH_OOPS("invalid hh_prev %p, actual %p\n",                  \
++                    _thh->hh_prev, _prev );                                      \
++               }                                                                 \
++               _bkt_count++;                                                     \
++               _prev = (char*)(_thh);                                            \
++               _thh = _thh->hh_next;                                             \
++            }                                                                    \
++            _count += _bkt_count;                                                \
++            if ((head)->hh.tbl->buckets[_bkt_i].count !=  _bkt_count) {          \
++               HASH_OOPS("invalid bucket count %u, actual %u\n",                 \
++                (head)->hh.tbl->buckets[_bkt_i].count, _bkt_count);              \
++            }                                                                    \
++        }                                                                        \
++        if (_count != (head)->hh.tbl->num_items) {                               \
++            HASH_OOPS("invalid hh item count %u, actual %u\n",                   \
++                (head)->hh.tbl->num_items, _count );                             \
++        }                                                                        \
++        /* traverse hh in app order; check next/prev integrity, count */         \
++        _count = 0;                                                              \
++        _prev = NULL;                                                            \
++        _thh =  &(head)->hh;                                                     \
++        while (_thh) {                                                           \
++           _count++;                                                             \
++           if (_prev !=(char*)(_thh->prev)) {                                    \
++              HASH_OOPS("invalid prev %p, actual %p\n",                          \
++                    _thh->prev, _prev );                                         \
++           }                                                                     \
++           _prev = (char*)ELMT_FROM_HH((head)->hh.tbl, _thh);                    \
++           _thh = ( _thh->next ?  (UT_hash_handle*)((char*)(_thh->next) +        \
++                                  (head)->hh.tbl->hho) : NULL );                 \
++        }                                                                        \
++        if (_count != (head)->hh.tbl->num_items) {                               \
++            HASH_OOPS("invalid app item count %u, actual %u\n",                  \
++                (head)->hh.tbl->num_items, _count );                             \
++        }                                                                        \
++    }                                                                            \
++} while (0)
++#else
++#define HASH_FSCK(hh,head)
++#endif
++
++/* When compiled with -DHASH_EMIT_KEYS, length-prefixed keys are emitted to
++ * the descriptor to which this macro is defined for tuning the hash function.
++ * The app can #include <unistd.h> to get the prototype for write(2). */
++#ifdef HASH_EMIT_KEYS
++#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen)                                   \
++do {                                                                             \
++    unsigned _klen = fieldlen;                                                   \
++    write(HASH_EMIT_KEYS, &_klen, sizeof(_klen));                                \
++    write(HASH_EMIT_KEYS, keyptr, (unsigned long)fieldlen);                      \
++} while (0)
++#else
++#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen)
++#endif
++
++/* default to Jenkin's hash unless overridden e.g. DHASH_FUNCTION=HASH_SAX */
++#ifdef HASH_FUNCTION
++#define HASH_FCN HASH_FUNCTION
++#else
++#define HASH_FCN HASH_JEN
++#endif
++
++/* The Bernstein hash function, used in Perl prior to v5.6. Note (x<<5+x)=x*33. */
++#define HASH_BER(key,keylen,hashv)                                               \
++do {                                                                             \
++  unsigned _hb_keylen=(unsigned)keylen;                                          \
++  const unsigned char *_hb_key=(const unsigned char*)(key);                      \
++  (hashv) = 0;                                                                   \
++  while (_hb_keylen-- != 0U) {                                                   \
++      (hashv) = (((hashv) << 5) + (hashv)) + *_hb_key++;                         \
++  }                                                                              \
++} while (0)
++
++
++/* SAX/FNV/OAT/JEN hash functions are macro variants of those listed at
++ * http://eternallyconfuzzled.com/tuts/algorithms/jsw_tut_hashing.aspx */
++#define HASH_SAX(key,keylen,hashv)                                               \
++do {                                                                             \
++  unsigned _sx_i;                                                                \
++  const unsigned char *_hs_key=(const unsigned char*)(key);                      \
++  hashv = 0;                                                                     \
++  for(_sx_i=0; _sx_i < keylen; _sx_i++) {                                        \
++      hashv ^= (hashv << 5) + (hashv >> 2) + _hs_key[_sx_i];                     \
++  }                                                                              \
++} while (0)
++/* FNV-1a variation */
++#define HASH_FNV(key,keylen,hashv)                                               \
++do {                                                                             \
++  unsigned _fn_i;                                                                \
++  const unsigned char *_hf_key=(const unsigned char*)(key);                      \
++  hashv = 2166136261U;                                                           \
++  for(_fn_i=0; _fn_i < keylen; _fn_i++) {                                        \
++      hashv = hashv ^ _hf_key[_fn_i];                                            \
++      hashv = hashv * 16777619U;                                                 \
++  }                                                                              \
++} while (0)
++
++#define HASH_OAT(key,keylen,hashv)                                               \
++do {                                                                             \
++  unsigned _ho_i;                                                                \
++  const unsigned char *_ho_key=(const unsigned char*)(key);                      \
++  hashv = 0;                                                                     \
++  for(_ho_i=0; _ho_i < keylen; _ho_i++) {                                        \
++      hashv += _ho_key[_ho_i];                                                   \
++      hashv += (hashv << 10);                                                    \
++      hashv ^= (hashv >> 6);                                                     \
++  }                                                                              \
++  hashv += (hashv << 3);                                                         \
++  hashv ^= (hashv >> 11);                                                        \
++  hashv += (hashv << 15);                                                        \
++} while (0)
++
++#define HASH_JEN_MIX(a,b,c)                                                      \
++do {                                                                             \
++  a -= b; a -= c; a ^= ( c >> 13 );                                              \
++  b -= c; b -= a; b ^= ( a << 8 );                                               \
++  c -= a; c -= b; c ^= ( b >> 13 );                                              \
++  a -= b; a -= c; a ^= ( c >> 12 );                                              \
++  b -= c; b -= a; b ^= ( a << 16 );                                              \
++  c -= a; c -= b; c ^= ( b >> 5 );                                               \
++  a -= b; a -= c; a ^= ( c >> 3 );                                               \
++  b -= c; b -= a; b ^= ( a << 10 );                                              \
++  c -= a; c -= b; c ^= ( b >> 15 );                                              \
++} while (0)
++
++#define HASH_JEN(key,keylen,hashv)                                               \
++do {                                                                             \
++  unsigned _hj_i,_hj_j,_hj_k;                                                    \
++  unsigned const char *_hj_key=(unsigned const char*)(key);                      \
++  hashv = 0xfeedbeefu;                                                           \
++  _hj_i = _hj_j = 0x9e3779b9u;                                                   \
++  _hj_k = (unsigned)(keylen);                                                    \
++  while (_hj_k >= 12U) {                                                         \
++    _hj_i +=    (_hj_key[0] + ( (unsigned)_hj_key[1] << 8 )                      \
++        + ( (unsigned)_hj_key[2] << 16 )                                         \
++        + ( (unsigned)_hj_key[3] << 24 ) );                                      \
++    _hj_j +=    (_hj_key[4] + ( (unsigned)_hj_key[5] << 8 )                      \
++        + ( (unsigned)_hj_key[6] << 16 )                                         \
++        + ( (unsigned)_hj_key[7] << 24 ) );                                      \
++    hashv += (_hj_key[8] + ( (unsigned)_hj_key[9] << 8 )                         \
++        + ( (unsigned)_hj_key[10] << 16 )                                        \
++        + ( (unsigned)_hj_key[11] << 24 ) );                                     \
++                                                                                 \
++     HASH_JEN_MIX(_hj_i, _hj_j, hashv);                                          \
++                                                                                 \
++     _hj_key += 12;                                                              \
++     _hj_k -= 12U;                                                               \
++  }                                                                              \
++  hashv += (unsigned)(keylen);                                                   \
++  switch ( _hj_k ) {                                                             \
++     case 11: hashv += ( (unsigned)_hj_key[10] << 24 ); /* FALLTHROUGH */        \
++     case 10: hashv += ( (unsigned)_hj_key[9] << 16 );  /* FALLTHROUGH */        \
++     case 9:  hashv += ( (unsigned)_hj_key[8] << 8 );   /* FALLTHROUGH */        \
++     case 8:  _hj_j += ( (unsigned)_hj_key[7] << 24 );  /* FALLTHROUGH */        \
++     case 7:  _hj_j += ( (unsigned)_hj_key[6] << 16 );  /* FALLTHROUGH */        \
++     case 6:  _hj_j += ( (unsigned)_hj_key[5] << 8 );   /* FALLTHROUGH */        \
++     case 5:  _hj_j += _hj_key[4];                      /* FALLTHROUGH */        \
++     case 4:  _hj_i += ( (unsigned)_hj_key[3] << 24 );  /* FALLTHROUGH */        \
++     case 3:  _hj_i += ( (unsigned)_hj_key[2] << 16 );  /* FALLTHROUGH */        \
++     case 2:  _hj_i += ( (unsigned)_hj_key[1] << 8 );   /* FALLTHROUGH */        \
++     case 1:  _hj_i += _hj_key[0];                                               \
++  }                                                                              \
++  HASH_JEN_MIX(_hj_i, _hj_j, hashv);                                             \
++} while (0)
++
++/* The Paul Hsieh hash function */
++#undef get16bits
++#if (defined(__GNUC__) && defined(__i386__)) || defined(__WATCOMC__)             \
++  || defined(_MSC_VER) || defined (__BORLANDC__) || defined (__TURBOC__)
++#define get16bits(d) (*((const uint16_t *) (d)))
++#endif
++
++#if !defined (get16bits)
++#define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8)             \
++                       +(uint32_t)(((const uint8_t *)(d))[0]) )
++#endif
++#define HASH_SFH(key,keylen,hashv)                                               \
++do {                                                                             \
++  unsigned const char *_sfh_key=(unsigned const char*)(key);                     \
++  uint32_t _sfh_tmp, _sfh_len = (uint32_t)keylen;                                \
++                                                                                 \
++  unsigned _sfh_rem = _sfh_len & 3U;                                             \
++  _sfh_len >>= 2;                                                                \
++  hashv = 0xcafebabeu;                                                           \
++                                                                                 \
++  /* Main loop */                                                                \
++  for (;_sfh_len > 0U; _sfh_len--) {                                             \
++    hashv    += get16bits (_sfh_key);                                            \
++    _sfh_tmp  = ((uint32_t)(get16bits (_sfh_key+2)) << 11) ^ hashv;              \
++    hashv     = (hashv << 16) ^ _sfh_tmp;                                        \
++    _sfh_key += 2U*sizeof (uint16_t);                                            \
++    hashv    += hashv >> 11;                                                     \
++  }                                                                              \
++                                                                                 \
++  /* Handle end cases */                                                         \
++  switch (_sfh_rem) {                                                            \
++    case 3: hashv += get16bits (_sfh_key);                                       \
++            hashv ^= hashv << 16;                                                \
++            hashv ^= (uint32_t)(_sfh_key[sizeof (uint16_t)]) << 18;              \
++            hashv += hashv >> 11;                                                \
++            break;                                                               \
++    case 2: hashv += get16bits (_sfh_key);                                       \
++            hashv ^= hashv << 11;                                                \
++            hashv += hashv >> 17;                                                \
++            break;                                                               \
++    case 1: hashv += *_sfh_key;                                                  \
++            hashv ^= hashv << 10;                                                \
++            hashv += hashv >> 1;                                                 \
++  }                                                                              \
++                                                                                 \
++    /* Force "avalanching" of final 127 bits */                                  \
++    hashv ^= hashv << 3;                                                         \
++    hashv += hashv >> 5;                                                         \
++    hashv ^= hashv << 4;                                                         \
++    hashv += hashv >> 17;                                                        \
++    hashv ^= hashv << 25;                                                        \
++    hashv += hashv >> 6;                                                         \
++} while (0)
++
++#ifdef HASH_USING_NO_STRICT_ALIASING
++/* The MurmurHash exploits some CPU's (x86,x86_64) tolerance for unaligned reads.
++ * For other types of CPU's (e.g. Sparc) an unaligned read causes a bus error.
++ * MurmurHash uses the faster approach only on CPU's where we know it's safe.
++ *
++ * Note the preprocessor built-in defines can be emitted using:
++ *
++ *   gcc -m64 -dM -E - < /dev/null                  (on gcc)
++ *   cc -## a.c (where a.c is a simple test file)   (Sun Studio)
++ */
++#if (defined(__i386__) || defined(__x86_64__)  || defined(_M_IX86))
++#define MUR_GETBLOCK(p,i) p[i]
++#else /* non intel */
++#define MUR_PLUS0_ALIGNED(p) (((unsigned long)p & 3UL) == 0UL)
++#define MUR_PLUS1_ALIGNED(p) (((unsigned long)p & 3UL) == 1UL)
++#define MUR_PLUS2_ALIGNED(p) (((unsigned long)p & 3UL) == 2UL)
++#define MUR_PLUS3_ALIGNED(p) (((unsigned long)p & 3UL) == 3UL)
++#define WP(p) ((uint32_t*)((unsigned long)(p) & ~3UL))
++#if (defined(__BIG_ENDIAN__) || defined(SPARC) || defined(__ppc__) || defined(__ppc64__))
++#define MUR_THREE_ONE(p) ((((*WP(p))&0x00ffffff) << 8) | (((*(WP(p)+1))&0xff000000) >> 24))
++#define MUR_TWO_TWO(p)   ((((*WP(p))&0x0000ffff) <<16) | (((*(WP(p)+1))&0xffff0000) >> 16))
++#define MUR_ONE_THREE(p) ((((*WP(p))&0x000000ff) <<24) | (((*(WP(p)+1))&0xffffff00) >>  8))
++#else /* assume little endian non-intel */
++#define MUR_THREE_ONE(p) ((((*WP(p))&0xffffff00) >> 8) | (((*(WP(p)+1))&0x000000ff) << 24))
++#define MUR_TWO_TWO(p)   ((((*WP(p))&0xffff0000) >>16) | (((*(WP(p)+1))&0x0000ffff) << 16))
++#define MUR_ONE_THREE(p) ((((*WP(p))&0xff000000) >>24) | (((*(WP(p)+1))&0x00ffffff) <<  8))
++#endif
++#define MUR_GETBLOCK(p,i) (MUR_PLUS0_ALIGNED(p) ? ((p)[i]) :           \
++                            (MUR_PLUS1_ALIGNED(p) ? MUR_THREE_ONE(p) : \
++                             (MUR_PLUS2_ALIGNED(p) ? MUR_TWO_TWO(p) :  \
++                                                      MUR_ONE_THREE(p))))
++#endif
++#define MUR_ROTL32(x,r) (((x) << (r)) | ((x) >> (32 - (r))))
++#define MUR_FMIX(_h) \
++do {                 \
++  _h ^= _h >> 16;    \
++  _h *= 0x85ebca6bu; \
++  _h ^= _h >> 13;    \
++  _h *= 0xc2b2ae35u; \
++  _h ^= _h >> 16;    \
++} while (0)
++
++#define HASH_MUR(key,keylen,hashv)                                     \
++do {                                                                   \
++  const uint8_t *_mur_data = (const uint8_t*)(key);                    \
++  const int _mur_nblocks = (int)(keylen) / 4;                          \
++  uint32_t _mur_h1 = 0xf88D5353u;                                      \
++  uint32_t _mur_c1 = 0xcc9e2d51u;                                      \
++  uint32_t _mur_c2 = 0x1b873593u;                                      \
++  uint32_t _mur_k1 = 0;                                                \
++  const uint8_t *_mur_tail;                                            \
++  const uint32_t *_mur_blocks = (const uint32_t*)(_mur_data+(_mur_nblocks*4)); \
++  int _mur_i;                                                          \
++  for(_mur_i = -_mur_nblocks; _mur_i!=0; _mur_i++) {                   \
++    _mur_k1 = MUR_GETBLOCK(_mur_blocks,_mur_i);                        \
++    _mur_k1 *= _mur_c1;                                                \
++    _mur_k1 = MUR_ROTL32(_mur_k1,15);                                  \
++    _mur_k1 *= _mur_c2;                                                \
++                                                                       \
++    _mur_h1 ^= _mur_k1;                                                \
++    _mur_h1 = MUR_ROTL32(_mur_h1,13);                                  \
++    _mur_h1 = (_mur_h1*5U) + 0xe6546b64u;                              \
++  }                                                                    \
++  _mur_tail = (const uint8_t*)(_mur_data + (_mur_nblocks*4));          \
++  _mur_k1=0;                                                           \
++  switch((keylen) & 3U) {                                              \
++    case 3: _mur_k1 ^= (uint32_t)_mur_tail[2] << 16; /* FALLTHROUGH */ \
++    case 2: _mur_k1 ^= (uint32_t)_mur_tail[1] << 8;  /* FALLTHROUGH */ \
++    case 1: _mur_k1 ^= (uint32_t)_mur_tail[0];                         \
++    _mur_k1 *= _mur_c1;                                                \
++    _mur_k1 = MUR_ROTL32(_mur_k1,15);                                  \
++    _mur_k1 *= _mur_c2;                                                \
++    _mur_h1 ^= _mur_k1;                                                \
++  }                                                                    \
++  _mur_h1 ^= (uint32_t)(keylen);                                       \
++  MUR_FMIX(_mur_h1);                                                   \
++  hashv = _mur_h1;                                                     \
++} while (0)
++#endif  /* HASH_USING_NO_STRICT_ALIASING */
++
++/* iterate over items in a known bucket to find desired item */
++#define HASH_FIND_IN_BKT(tbl,hh,head,keyptr,keylen_in,hashval,out)               \
++do {                                                                             \
++  if ((head).hh_head != NULL) {                                                  \
++    DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (head).hh_head));                     \
++  } else {                                                                       \
++    (out) = NULL;                                                                \
++  }                                                                              \
++  while ((out) != NULL) {                                                        \
++    if ((out)->hh.hashv == (hashval) && (out)->hh.keylen == (keylen_in)) {       \
++      if (uthash_memcmp((out)->hh.key, keyptr, keylen_in) == 0) {                \
++        break;                                                                   \
++      }                                                                          \
++    }                                                                            \
++    if ((out)->hh.hh_next != NULL) {                                             \
++      DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (out)->hh.hh_next));                \
++    } else {                                                                     \
++      (out) = NULL;                                                              \
++    }                                                                            \
++  }                                                                              \
++} while (0)
++
++/* add an item to a bucket  */
++#define HASH_ADD_TO_BKT(head,addhh)                                              \
++do {                                                                             \
++ head.count++;                                                                   \
++ (addhh)->hh_next = head.hh_head;                                                \
++ (addhh)->hh_prev = NULL;                                                        \
++ if (head.hh_head != NULL) { (head).hh_head->hh_prev = (addhh); }                \
++ (head).hh_head=addhh;                                                           \
++ if ((head.count >= ((head.expand_mult+1U) * HASH_BKT_CAPACITY_THRESH))          \
++     && ((addhh)->tbl->noexpand != 1U)) {                                        \
++       HASH_EXPAND_BUCKETS((addhh)->tbl);                                        \
++ }                                                                               \
++} while (0)
++
++/* remove an item from a given bucket */
++#define HASH_DEL_IN_BKT(hh,head,hh_del)                                          \
++    (head).count--;                                                              \
++    if ((head).hh_head == hh_del) {                                              \
++      (head).hh_head = hh_del->hh_next;                                          \
++    }                                                                            \
++    if (hh_del->hh_prev) {                                                       \
++        hh_del->hh_prev->hh_next = hh_del->hh_next;                              \
++    }                                                                            \
++    if (hh_del->hh_next) {                                                       \
++        hh_del->hh_next->hh_prev = hh_del->hh_prev;                              \
++    }
++
++/* Bucket expansion has the effect of doubling the number of buckets
++ * and redistributing the items into the new buckets. Ideally the
++ * items will distribute more or less evenly into the new buckets
++ * (the extent to which this is true is a measure of the quality of
++ * the hash function as it applies to the key domain).
++ *
++ * With the items distributed into more buckets, the chain length
++ * (item count) in each bucket is reduced. Thus by expanding buckets
++ * the hash keeps a bound on the chain length. This bounded chain
++ * length is the essence of how a hash provides constant time lookup.
++ *
++ * The calculation of tbl->ideal_chain_maxlen below deserves some
++ * explanation. First, keep in mind that we're calculating the ideal
++ * maximum chain length based on the *new* (doubled) bucket count.
++ * In fractions this is just n/b (n=number of items,b=new num buckets).
++ * Since the ideal chain length is an integer, we want to calculate
++ * ceil(n/b). We don't depend on floating point arithmetic in this
++ * hash, so to calculate ceil(n/b) with integers we could write
++ *
++ *      ceil(n/b) = (n/b) + ((n%b)?1:0)
++ *
++ * and in fact a previous version of this hash did just that.
++ * But now we have improved things a bit by recognizing that b is
++ * always a power of two. We keep its base 2 log handy (call it lb),
++ * so now we can write this with a bit shift and logical AND:
++ *
++ *      ceil(n/b) = (n>>lb) + ( (n & (b-1)) ? 1:0)
++ *
++ */
++#define HASH_EXPAND_BUCKETS(tbl)                                                 \
++do {                                                                             \
++    unsigned _he_bkt;                                                            \
++    unsigned _he_bkt_i;                                                          \
++    struct UT_hash_handle *_he_thh, *_he_hh_nxt;                                 \
++    UT_hash_bucket *_he_new_buckets, *_he_newbkt;                                \
++    _he_new_buckets = (UT_hash_bucket*)uthash_malloc(                            \
++             2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket));            \
++    if (!_he_new_buckets) { uthash_fatal( "out of memory"); }                    \
++    memset(_he_new_buckets, 0,                                                   \
++            2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket));             \
++    tbl->ideal_chain_maxlen =                                                    \
++       (tbl->num_items >> (tbl->log2_num_buckets+1U)) +                          \
++       (((tbl->num_items & ((tbl->num_buckets*2U)-1U)) != 0U) ? 1U : 0U);        \
++    tbl->nonideal_items = 0;                                                     \
++    for(_he_bkt_i = 0; _he_bkt_i < tbl->num_buckets; _he_bkt_i++)                \
++    {                                                                            \
++        _he_thh = tbl->buckets[ _he_bkt_i ].hh_head;                             \
++        while (_he_thh != NULL) {                                                \
++           _he_hh_nxt = _he_thh->hh_next;                                        \
++           HASH_TO_BKT( _he_thh->hashv, tbl->num_buckets*2U, _he_bkt);           \
++           _he_newbkt = &(_he_new_buckets[ _he_bkt ]);                           \
++           if (++(_he_newbkt->count) > tbl->ideal_chain_maxlen) {                \
++             tbl->nonideal_items++;                                              \
++             _he_newbkt->expand_mult = _he_newbkt->count /                       \
++                                        tbl->ideal_chain_maxlen;                 \
++           }                                                                     \
++           _he_thh->hh_prev = NULL;                                              \
++           _he_thh->hh_next = _he_newbkt->hh_head;                               \
++           if (_he_newbkt->hh_head != NULL) { _he_newbkt->hh_head->hh_prev =     \
++                _he_thh; }                                                       \
++           _he_newbkt->hh_head = _he_thh;                                        \
++           _he_thh = _he_hh_nxt;                                                 \
++        }                                                                        \
++    }                                                                            \
++    uthash_free( tbl->buckets, tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \
++    tbl->num_buckets *= 2U;                                                      \
++    tbl->log2_num_buckets++;                                                     \
++    tbl->buckets = _he_new_buckets;                                              \
++    tbl->ineff_expands = (tbl->nonideal_items > (tbl->num_items >> 1)) ?         \
++        (tbl->ineff_expands+1U) : 0U;                                            \
++    if (tbl->ineff_expands > 1U) {                                               \
++        tbl->noexpand=1;                                                         \
++        uthash_noexpand_fyi(tbl);                                                \
++    }                                                                            \
++    uthash_expand_fyi(tbl);                                                      \
++} while (0)
++
++
++/* This is an adaptation of Simon Tatham's O(n log(n)) mergesort */
++/* Note that HASH_SORT assumes the hash handle name to be hh.
++ * HASH_SRT was added to allow the hash handle name to be passed in. */
++#define HASH_SORT(head,cmpfcn) HASH_SRT(hh,head,cmpfcn)
++#define HASH_SRT(hh,head,cmpfcn)                                                 \
++do {                                                                             \
++  unsigned _hs_i;                                                                \
++  unsigned _hs_looping,_hs_nmerges,_hs_insize,_hs_psize,_hs_qsize;               \
++  struct UT_hash_handle *_hs_p, *_hs_q, *_hs_e, *_hs_list, *_hs_tail;            \
++  if (head != NULL) {                                                            \
++      _hs_insize = 1;                                                            \
++      _hs_looping = 1;                                                           \
++      _hs_list = &((head)->hh);                                                  \
++      while (_hs_looping != 0U) {                                                \
++          _hs_p = _hs_list;                                                      \
++          _hs_list = NULL;                                                       \
++          _hs_tail = NULL;                                                       \
++          _hs_nmerges = 0;                                                       \
++          while (_hs_p != NULL) {                                                \
++              _hs_nmerges++;                                                     \
++              _hs_q = _hs_p;                                                     \
++              _hs_psize = 0;                                                     \
++              for ( _hs_i = 0; _hs_i  < _hs_insize; _hs_i++ ) {                  \
++                  _hs_psize++;                                                   \
++                  _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?              \
++                          ((void*)((char*)(_hs_q->next) +                        \
++                          (head)->hh.tbl->hho)) : NULL);                         \
++                  if (! (_hs_q) ) { break; }                                     \
++              }                                                                  \
++              _hs_qsize = _hs_insize;                                            \
++              while ((_hs_psize > 0U) || ((_hs_qsize > 0U) && (_hs_q != NULL))) {\
++                  if (_hs_psize == 0U) {                                         \
++                      _hs_e = _hs_q;                                             \
++                      _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?          \
++                              ((void*)((char*)(_hs_q->next) +                    \
++                              (head)->hh.tbl->hho)) : NULL);                     \
++                      _hs_qsize--;                                               \
++                  } else if ( (_hs_qsize == 0U) || (_hs_q == NULL) ) {           \
++                      _hs_e = _hs_p;                                             \
++                      if (_hs_p != NULL){                                        \
++                        _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ?        \
++                                ((void*)((char*)(_hs_p->next) +                  \
++                                (head)->hh.tbl->hho)) : NULL);                   \
++                       }                                                         \
++                      _hs_psize--;                                               \
++                  } else if ((                                                   \
++                      cmpfcn(DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_p)), \
++                             DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_q))) \
++                             ) <= 0) {                                           \
++                      _hs_e = _hs_p;                                             \
++                      if (_hs_p != NULL){                                        \
++                        _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ?        \
++                               ((void*)((char*)(_hs_p->next) +                   \
++                               (head)->hh.tbl->hho)) : NULL);                    \
++                       }                                                         \
++                      _hs_psize--;                                               \
++                  } else {                                                       \
++                      _hs_e = _hs_q;                                             \
++                      _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?          \
++                              ((void*)((char*)(_hs_q->next) +                    \
++                              (head)->hh.tbl->hho)) : NULL);                     \
++                      _hs_qsize--;                                               \
++                  }                                                              \
++                  if ( _hs_tail != NULL ) {                                      \
++                      _hs_tail->next = ((_hs_e != NULL) ?                        \
++                            ELMT_FROM_HH((head)->hh.tbl,_hs_e) : NULL);          \
++                  } else {                                                       \
++                      _hs_list = _hs_e;                                          \
++                  }                                                              \
++                  if (_hs_e != NULL) {                                           \
++                  _hs_e->prev = ((_hs_tail != NULL) ?                            \
++                     ELMT_FROM_HH((head)->hh.tbl,_hs_tail) : NULL);              \
++                  }                                                              \
++                  _hs_tail = _hs_e;                                              \
++              }                                                                  \
++              _hs_p = _hs_q;                                                     \
++          }                                                                      \
++          if (_hs_tail != NULL){                                                 \
++            _hs_tail->next = NULL;                                               \
++          }                                                                      \
++          if ( _hs_nmerges <= 1U ) {                                             \
++              _hs_looping=0;                                                     \
++              (head)->hh.tbl->tail = _hs_tail;                                   \
++              DECLTYPE_ASSIGN(head,ELMT_FROM_HH((head)->hh.tbl, _hs_list));      \
++          }                                                                      \
++          _hs_insize *= 2U;                                                      \
++      }                                                                          \
++      HASH_FSCK(hh,head);                                                        \
++ }                                                                               \
++} while (0)
++
++/* This function selects items from one hash into another hash.
++ * The end result is that the selected items have dual presence
++ * in both hashes. There is no copy of the items made; rather
++ * they are added into the new hash through a secondary hash
++ * hash handle that must be present in the structure. */
++#define HASH_SELECT(hh_dst, dst, hh_src, src, cond)                              \
++do {                                                                             \
++  unsigned _src_bkt, _dst_bkt;                                                   \
++  void *_last_elt=NULL, *_elt;                                                   \
++  UT_hash_handle *_src_hh, *_dst_hh, *_last_elt_hh=NULL;                         \
++  ptrdiff_t _dst_hho = ((char*)(&(dst)->hh_dst) - (char*)(dst));                 \
++  if (src != NULL) {                                                             \
++    for(_src_bkt=0; _src_bkt < (src)->hh_src.tbl->num_buckets; _src_bkt++) {     \
++      for(_src_hh = (src)->hh_src.tbl->buckets[_src_bkt].hh_head;                \
++          _src_hh != NULL;                                                       \
++          _src_hh = _src_hh->hh_next) {                                          \
++          _elt = ELMT_FROM_HH((src)->hh_src.tbl, _src_hh);                       \
++          if (cond(_elt)) {                                                      \
++            _dst_hh = (UT_hash_handle*)(((char*)_elt) + _dst_hho);               \
++            _dst_hh->key = _src_hh->key;                                         \
++            _dst_hh->keylen = _src_hh->keylen;                                   \
++            _dst_hh->hashv = _src_hh->hashv;                                     \
++            _dst_hh->prev = _last_elt;                                           \
++            _dst_hh->next = NULL;                                                \
++            if (_last_elt_hh != NULL) { _last_elt_hh->next = _elt; }             \
++            if (dst == NULL) {                                                   \
++              DECLTYPE_ASSIGN(dst,_elt);                                         \
++              HASH_MAKE_TABLE(hh_dst,dst);                                       \
++            } else {                                                             \
++              _dst_hh->tbl = (dst)->hh_dst.tbl;                                  \
++            }                                                                    \
++            HASH_TO_BKT(_dst_hh->hashv, _dst_hh->tbl->num_buckets, _dst_bkt);    \
++            HASH_ADD_TO_BKT(_dst_hh->tbl->buckets[_dst_bkt],_dst_hh);            \
++            (dst)->hh_dst.tbl->num_items++;                                      \
++            _last_elt = _elt;                                                    \
++            _last_elt_hh = _dst_hh;                                              \
++          }                                                                      \
++      }                                                                          \
++    }                                                                            \
++  }                                                                              \
++  HASH_FSCK(hh_dst,dst);                                                         \
++} while (0)
++
++#define HASH_CLEAR(hh,head)                                                      \
++do {                                                                             \
++  if (head != NULL) {                                                            \
++    uthash_free((head)->hh.tbl->buckets,                                         \
++                (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket));      \
++    HASH_BLOOM_FREE((head)->hh.tbl);                                             \
++    uthash_free((head)->hh.tbl, sizeof(UT_hash_table));                          \
++    (head)=NULL;                                                                 \
++  }                                                                              \
++} while (0)
++
++#define HASH_OVERHEAD(hh,head)                                                   \
++ ((head != NULL) ? (                                                             \
++ (size_t)(((head)->hh.tbl->num_items   * sizeof(UT_hash_handle))   +             \
++          ((head)->hh.tbl->num_buckets * sizeof(UT_hash_bucket))   +             \
++           sizeof(UT_hash_table)                                   +             \
++           (HASH_BLOOM_BYTELEN))) : 0U)
++
++#ifdef NO_DECLTYPE
++#define HASH_ITER(hh,head,el,tmp)                                                \
++for(((el)=(head)), ((*(char**)(&(tmp)))=(char*)((head!=NULL)?(head)->hh.next:NULL)); \
++  (el) != NULL; ((el)=(tmp)), ((*(char**)(&(tmp)))=(char*)((tmp!=NULL)?(tmp)->hh.next:NULL)))
++#else
++#define HASH_ITER(hh,head,el,tmp)                                                \
++for(((el)=(head)), ((tmp)=DECLTYPE(el)((head!=NULL)?(head)->hh.next:NULL));      \
++  (el) != NULL; ((el)=(tmp)), ((tmp)=DECLTYPE(el)((tmp!=NULL)?(tmp)->hh.next:NULL)))
++#endif
++
++/* obtain a count of items in the hash */
++#define HASH_COUNT(head) HASH_CNT(hh,head)
++#define HASH_CNT(hh,head) ((head != NULL)?((head)->hh.tbl->num_items):0U)
++
++typedef struct UT_hash_bucket {
++   struct UT_hash_handle *hh_head;
++   unsigned count;
++
++   /* expand_mult is normally set to 0. In this situation, the max chain length
++    * threshold is enforced at its default value, HASH_BKT_CAPACITY_THRESH. (If
++    * the bucket's chain exceeds this length, bucket expansion is triggered).
++    * However, setting expand_mult to a non-zero value delays bucket expansion
++    * (that would be triggered by additions to this particular bucket)
++    * until its chain length reaches a *multiple* of HASH_BKT_CAPACITY_THRESH.
++    * (The multiplier is simply expand_mult+1). The whole idea of this
++    * multiplier is to reduce bucket expansions, since they are expensive, in
++    * situations where we know that a particular bucket tends to be overused.
++    * It is better to let its chain length grow to a longer yet-still-bounded
++    * value, than to do an O(n) bucket expansion too often.
++    */
++   unsigned expand_mult;
++
++} UT_hash_bucket;
++
++/* random signature used only to find hash tables in external analysis */
++#define HASH_SIGNATURE 0xa0111fe1u
++#define HASH_BLOOM_SIGNATURE 0xb12220f2u
++
++typedef struct UT_hash_table {
++   UT_hash_bucket *buckets;
++   unsigned num_buckets, log2_num_buckets;
++   unsigned num_items;
++   struct UT_hash_handle *tail; /* tail hh in app order, for fast append    */
++   ptrdiff_t hho; /* hash handle offset (byte pos of hash handle in element */
++
++   /* in an ideal situation (all buckets used equally), no bucket would have
++    * more than ceil(#items/#buckets) items. that's the ideal chain length. */
++   unsigned ideal_chain_maxlen;
++
++   /* nonideal_items is the number of items in the hash whose chain position
++    * exceeds the ideal chain maxlen. these items pay the penalty for an uneven
++    * hash distribution; reaching them in a chain traversal takes >ideal steps */
++   unsigned nonideal_items;
++
++   /* ineffective expands occur when a bucket doubling was performed, but
++    * afterward, more than half the items in the hash had nonideal chain
++    * positions. If this happens on two consecutive expansions we inhibit any
++    * further expansion, as it's not helping; this happens when the hash
++    * function isn't a good fit for the key domain. When expansion is inhibited
++    * the hash will still work, albeit no longer in constant time. */
++   unsigned ineff_expands, noexpand;
++
++   uint32_t signature; /* used only to find hash tables in external analysis */
++#ifdef HASH_BLOOM
++   uint32_t bloom_sig; /* used only to test bloom exists in external analysis */
++   uint8_t *bloom_bv;
++   uint8_t bloom_nbits;
++#endif
++
++} UT_hash_table;
++
++typedef struct UT_hash_handle {
++   struct UT_hash_table *tbl;
++   void *prev;                       /* prev element in app order      */
++   void *next;                       /* next element in app order      */
++   struct UT_hash_handle *hh_prev;   /* previous hh in bucket order    */
++   struct UT_hash_handle *hh_next;   /* next hh in bucket order        */
++   void *key;                        /* ptr to enclosing struct's key  */
++   unsigned keylen;                  /* enclosing struct's key len     */
++   unsigned hashv;                   /* result of hash-fcn(key)        */
++} UT_hash_handle;
++
++#endif /* UTHASH_H */
+diff --git a/server/utils.c b/server/utils.c
+new file mode 100644
+index 0000000..14a60c7
+--- /dev/null
++++ b/server/utils.c
+@@ -0,0 +1,448 @@
++/*
++ * utils.c - Misc utilities
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <stdlib.h>
++#include <unistd.h>
++#include <string.h>
++#include <errno.h>
++#include <ctype.h>
++#ifndef __MINGW32__
++#include <pwd.h>
++#include <grp.h>
++#endif
++
++#include <sys/types.h>
++#include <sys/stat.h>
++
++#include "utils.h"
++
++#ifdef HAVE_SETRLIMIT
++#include <sys/time.h>
++#include <sys/resource.h>
++#endif
++
++#define INT_DIGITS 19           /* enough for 64 bit integer */
++
++#ifdef LIB_ONLY
++FILE *logfile;
++#endif
++
++#ifdef HAS_SYSLOG
++int use_syslog = 0;
++#endif
++
++#ifndef __MINGW32__
++void
++ERROR(const char *s)
++{
++    char *msg = strerror(errno);
++    LOGE("%s: %s", s, msg);
++}
++
++#endif
++
++int use_tty = 1;
++
++char *
++ss_itoa(int i)
++{
++    /* Room for INT_DIGITS digits, - and '\0' */
++    static char buf[INT_DIGITS + 2];
++    char *p = buf + INT_DIGITS + 1;     /* points to terminating '\0' */
++    if (i >= 0) {
++        do {
++            *--p = '0' + (i % 10);
++            i   /= 10;
++        } while (i != 0);
++        return p;
++    } else {                     /* i < 0 */
++        do {
++            *--p = '0' - (i % 10);
++            i   /= 10;
++        } while (i != 0);
++        *--p = '-';
++    }
++    return p;
++}
++
++int
++ss_isnumeric(const char *s) {
++    if (!s || !*s)
++        return 0;
++    while (isdigit(*s))
++        ++s;
++    return *s == '\0';
++}
++
++/*
++ * setuid() and setgid() for a specified user.
++ */
++int
++run_as(const char *user)
++{
++#ifndef __MINGW32__
++    if (user[0]) {
++        /* Convert user to a long integer if it is a non-negative number.
++         * -1 means it is a user name. */
++        long uid = -1;
++        if (ss_isnumeric(user)) {
++            errno = 0;
++            char *endptr;
++            uid = strtol(user, &endptr, 10);
++            if (errno || endptr == user)
++                uid = -1;
++        }
++
++#ifdef HAVE_GETPWNAM_R
++        struct passwd pwdbuf, *pwd;
++        memset(&pwdbuf, 0, sizeof(struct passwd));
++        size_t buflen;
++        int err;
++
++        for (buflen = 128;; buflen *= 2) {
++            char buf[buflen];  /* variable length array */
++
++            /* Note that we use getpwnam_r() instead of getpwnam(),
++             * which returns its result in a statically allocated buffer and
++             * cannot be considered thread safe. */
++            err = uid >= 0 ? getpwuid_r((uid_t)uid, &pwdbuf, buf, buflen, &pwd)
++                : getpwnam_r(user, &pwdbuf, buf, buflen, &pwd);
++
++            if (err == 0 && pwd) {
++                /* setgid first, because we may not be allowed to do it anymore after setuid */
++                if (setgid(pwd->pw_gid) != 0) {
++                    LOGE(
++                        "Could not change group id to that of run_as user '%s': %s",
++                        pwd->pw_name, strerror(errno));
++                    return 0;
++                }
++
++                if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
++                    LOGE("Could not change supplementary groups for user '%s'.", pwd->pw_name);
++                    return 0;
++                }
++
++                if (setuid(pwd->pw_uid) != 0) {
++                    LOGE(
++                        "Could not change user id to that of run_as user '%s': %s",
++                        pwd->pw_name, strerror(errno));
++                    return 0;
++                }
++                break;
++            } else if (err != ERANGE) {
++                if (err) {
++                    LOGE("run_as user '%s' could not be found: %s", user,
++                            strerror(err));
++                } else {
++                    LOGE("run_as user '%s' could not be found.", user);
++                }
++                return 0;
++            } else if (buflen >= 16 * 1024) {
++                /* If getpwnam_r() seems defective, call it quits rather than
++                 * keep on allocating ever larger buffers until we crash. */
++                LOGE(
++                    "getpwnam_r() requires more than %u bytes of buffer space.",
++                    (unsigned)buflen);
++                return 0;
++            }
++            /* Else try again with larger buffer. */
++        }
++#else
++        /* No getpwnam_r() :-(  We'll use getpwnam() and hope for the best. */
++        struct passwd *pwd;
++
++        if (!(pwd = uid >=0 ? getpwuid((uid_t)uid) : getpwnam(user))) {
++            LOGE("run_as user %s could not be found.", user);
++            return 0;
++        }
++        /* setgid first, because we may not allowed to do it anymore after setuid */
++        if (setgid(pwd->pw_gid) != 0) {
++            LOGE("Could not change group id to that of run_as user '%s': %s",
++                 pwd->pw_name, strerror(errno));
++            return 0;
++        }
++        if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
++            LOGE("Could not change supplementary groups for user '%s'.", pwd->pw_name);
++            return 0;
++        }
++        if (setuid(pwd->pw_uid) != 0) {
++            LOGE("Could not change user id to that of run_as user '%s': %s",
++                 pwd->pw_name, strerror(errno));
++            return 0;
++        }
++#endif
++    }
++
++#endif // __MINGW32__
++    return 1;
++}
++
++char *
++ss_strndup(const char *s, size_t n)
++{
++    size_t len = strlen(s);
++    char *ret;
++
++    if (len <= n) {
++        return strdup(s);
++    }
++
++    ret = ss_malloc(n + 1);
++    strncpy(ret, s, n);
++    ret[n] = '\0';
++    return ret;
++}
++
++void
++FATAL(const char *msg)
++{
++    LOGE("%s", msg);
++    exit(-1);
++}
++
++void *
++ss_malloc(size_t size)
++{
++    void *tmp = malloc(size);
++    if (tmp == NULL)
++        exit(EXIT_FAILURE);
++    return tmp;
++}
++
++void *
++ss_realloc(void *ptr, size_t new_size)
++{
++    void *new = realloc(ptr, new_size);
++    if (new == NULL) {
++        free(ptr);
++        ptr = NULL;
++        exit(EXIT_FAILURE);
++    }
++    return new;
++}
++
++void
++usage()
++{
++    printf("\n");
++    printf("shadowsocks-libev %s with %s\n\n", VERSION, USING_CRYPTO);
++    printf(
++        "  maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang <laokongzi@gmail.com>\n\n");
++    printf("  usage:\n\n");
++#ifdef MODULE_LOCAL
++    printf("    ss-local\n");
++#elif MODULE_REMOTE
++    printf("    ss-server\n");
++#elif MODULE_TUNNEL
++    printf("    ss-tunnel\n");
++#elif MODULE_REDIR
++    printf("    ss-redir\n");
++#elif MODULE_MANAGER
++    printf("    ss-manager\n");
++#endif
++    printf("\n");
++    printf(
++        "       -s <server_host>           Host name or IP address of your remote server.\n");
++    printf(
++        "       -p <server_port>           Port number of your remote server.\n");
++    printf(
++        "       -l <local_port>            Port number of your local server.\n");
++    printf(
++        "       -k <password>              Password of your remote server.\n");
++    printf(
++        "       -m <encrypt_method>        Encrypt method: table, rc4, rc4-md5,\n");
++    printf(
++        "                                  aes-128-cfb, aes-192-cfb, aes-256-cfb,\n");
++    printf(
++        "                                  aes-128-ctr, aes-192-ctr, aes-256-ctr,\n");
++    printf(
++        "                                  bf-cfb, camellia-128-cfb, camellia-192-cfb,\n");
++    printf(
++        "                                  camellia-256-cfb, cast5-cfb, des-cfb,\n");
++    printf(
++        "                                  idea-cfb, rc2-cfb, seed-cfb, salsa20,\n");
++    printf(
++        "                                  chacha20 and chacha20-ietf.\n");
++    printf(
++        "                                  The default cipher is rc4-md5.\n");
++    printf("\n");
++    printf(
++        "       [-a <user>]                Run as another user.\n");
++    printf(
++        "       [-f <pid_file>]            The file path to store pid.\n");
++    printf(
++        "       [-t <timeout>]             Socket timeout in seconds.\n");
++    printf(
++        "       [-c <config_file>]         The path to config file.\n");
++#ifdef HAVE_SETRLIMIT
++    printf(
++        "       [-n <number>]              Max number of open files.\n");
++#endif
++#ifndef MODULE_REDIR
++    printf(
++        "       [-i <interface>]           Network interface to bind.\n");
++#endif
++    printf(
++        "       [-b <local_address>]       Local address to bind.\n");
++    printf("\n");
++    printf(
++        "       [-u]                       Enable UDP relay.\n");
++#ifdef MODULE_REDIR
++    printf(
++        "                                  TPROXY is required in redir mode.\n");
++#endif
++    printf(
++        "       [-U]                       Enable UDP relay and disable TCP relay.\n");
++    printf(
++        "       [-A]                       Enable onetime authentication.\n");
++#ifdef MODULE_REMOTE
++    printf(
++        "       [-6]                       Resovle hostname to IPv6 address first.\n");
++#endif
++    printf("\n");
++#ifdef MODULE_TUNNEL
++    printf(
++        "       [-L <addr>:<port>]         Destination server address and port\n");
++    printf(
++        "                                  for local port forwarding.\n");
++#endif
++#ifdef MODULE_REMOTE
++    printf(
++        "       [-d <addr>]                Name servers for internal DNS resolver.\n");
++#endif
++#if defined(MODULE_REMOTE) || defined(MODULE_LOCAL)
++    printf(
++        "       [--fast-open]              Enable TCP fast open.\n");
++    printf(
++        "                                  with Linux kernel > 3.7.0.\n");
++    printf(
++        "       [--acl <acl_file>]         Path to ACL (Access Control List).\n");
++#endif
++#if defined(MODULE_REMOTE) || defined(MODULE_MANAGER)
++    printf(
++        "       [--manager-address <addr>] UNIX domain socket address.\n");
++#endif
++#ifdef MODULE_MANAGER
++    printf(
++        "       [--executable <path>]      Path to the executable of ss-server.\n");
++#endif
++    printf(
++        "       [--mtu <MTU>]              MTU of your network interface.\n");
++#ifdef __linux__
++    printf(
++        "       [--mptcp]                  Enable Multipath TCP on MPTCP Kernel.\n");
++#ifdef MODULE_REMOTE
++    printf(
++        "       [--firewall]               Setup firewall rules for auto blocking.\n");
++#endif
++#endif
++    printf("\n");
++    printf(
++        "       [-v]                       Verbose mode.\n");
++    printf(
++        "       [-h, --help]               Print this message.\n");
++    printf("\n");
++}
++
++void
++daemonize(const char *path)
++{
++#ifndef __MINGW32__
++    /* Our process ID and Session ID */
++    pid_t pid, sid;
++
++    /* Fork off the parent process */
++    pid = fork();
++    if (pid < 0) {
++        exit(EXIT_FAILURE);
++    }
++
++    /* If we got a good PID, then
++     * we can exit the parent process. */
++    if (pid > 0) {
++        FILE *file = fopen(path, "w");
++        if (file == NULL) {
++            FATAL("Invalid pid file\n");
++        }
++
++        fprintf(file, "%d", (int)pid);
++        fclose(file);
++        exit(EXIT_SUCCESS);
++    }
++
++    /* Change the file mode mask */
++    umask(0);
++
++    /* Open any logs here */
++
++    /* Create a new SID for the child process */
++    sid = setsid();
++    if (sid < 0) {
++        /* Log the failure */
++        exit(EXIT_FAILURE);
++    }
++
++    /* Change the current working directory */
++    if ((chdir("/")) < 0) {
++        /* Log the failure */
++        exit(EXIT_FAILURE);
++    }
++
++    /* Close out the standard file descriptors */
++    close(STDIN_FILENO);
++    close(STDOUT_FILENO);
++    close(STDERR_FILENO);
++#endif
++}
++
++#ifdef HAVE_SETRLIMIT
++int
++set_nofile(int nofile)
++{
++    struct rlimit limit = { nofile, nofile }; /* set both soft and hard limit */
++
++    if (nofile <= 0) {
++        FATAL("nofile must be greater than 0\n");
++    }
++
++    if (setrlimit(RLIMIT_NOFILE, &limit) < 0) {
++        if (errno == EPERM) {
++            LOGE(
++                "insufficient permission to change NOFILE, not starting as root?");
++            return -1;
++        } else if (errno == EINVAL) {
++            LOGE("invalid nofile, decrease nofile and try again");
++            return -1;
++        } else {
++            LOGE("setrlimit failed: %s", strerror(errno));
++            return -1;
++        }
++    }
++
++    return 0;
++}
++
++#endif
+diff --git a/server/utils.h b/server/utils.h
+new file mode 100644
+index 0000000..0fb7f5a
+--- /dev/null
++++ b/server/utils.h
+@@ -0,0 +1,232 @@
++/*
++ * utils.h - Misc utilities
++ *
++ * Copyright (C) 2013 - 2016, Max Lv <max.c.lv@gmail.com>
++ *
++ * This file is part of the shadowsocks-libev.
++ *
++ * shadowsocks-libev is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * shadowsocks-libev is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with shadowsocks-libev; see the file COPYING. If not, see
++ * <http://www.gnu.org/licenses/>.
++ */
++
++#if defined(USE_CRYPTO_OPENSSL)
++
++#include <openssl/opensslv.h>
++#define USING_CRYPTO OPENSSL_VERSION_TEXT
++
++#elif defined(USE_CRYPTO_POLARSSL)
++#include <polarssl/version.h>
++#define USING_CRYPTO POLARSSL_VERSION_STRING_FULL
++
++#elif defined(USE_CRYPTO_MBEDTLS)
++#include <mbedtls/version.h>
++#define USING_CRYPTO MBEDTLS_VERSION_STRING_FULL
++
++#endif
++
++#ifndef _UTILS_H
++#define _UTILS_H
++
++#include <stddef.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <time.h>
++
++#define PORTSTRLEN 16
++#define SS_ADDRSTRLEN (INET6_ADDRSTRLEN + PORTSTRLEN + 1)
++
++#ifdef ANDROID
++
++#include <android/log.h>
++
++#define USE_TTY()
++#define USE_SYSLOG(ident)
++#define LOGI(...)                                                \
++    ((void)__android_log_print(ANDROID_LOG_DEBUG, "shadowsocks", \
++                               __VA_ARGS__))
++#define LOGE(...)                                                \
++    ((void)__android_log_print(ANDROID_LOG_ERROR, "shadowsocks", \
++                               __VA_ARGS__))
++
++#else
++
++#define STR(x) # x
++#define TOSTR(x) STR(x)
++
++#ifdef LIB_ONLY
++
++extern FILE *logfile;
++
++#define TIME_FORMAT "%Y-%m-%d %H:%M:%S"
++
++#define USE_TTY()
++
++#define USE_SYSLOG(ident)
++
++#define USE_LOGFILE(ident)                                     \
++    do {                                                       \
++        if (ident != NULL) { logfile = fopen(ident, "w+"); } } \
++    while (0)
++
++#define CLOSE_LOGFILE                               \
++    do {                                            \
++        if (logfile != NULL) { fclose(logfile); } } \
++    while (0)
++
++#define LOGI(format, ...)                                                        \
++    do {                                                                         \
++        if (logfile != NULL) {                                                   \
++            time_t now = time(NULL);                                             \
++            char timestr[20];                                                    \
++            strftime(timestr, 20, TIME_FORMAT, localtime(&now));                 \
++            fprintf(logfile, " %s INFO: " format "\n", timestr, ## __VA_ARGS__); \
++            fflush(logfile); }                                                   \
++    }                                                                            \
++    while (0)
++
++#define LOGE(format, ...)                                        \
++    do {                                                         \
++        if (logfile != NULL) {                                   \
++            time_t now = time(NULL);                             \
++            char timestr[20];                                    \
++            strftime(timestr, 20, TIME_FORMAT, localtime(&now)); \
++            fprintf(logfile, " %s ERROR: " format "\n", timestr, \
++                    ## __VA_ARGS__);                             \
++            fflush(logfile); }                                   \
++    }                                                            \
++    while (0)
++
++#elif defined(_WIN32)
++
++#define TIME_FORMAT "%Y-%m-%d %H:%M:%S"
++
++#define USE_TTY()
++
++#define USE_SYSLOG(ident)
++
++#define LOGI(format, ...)                                                   \
++    do {                                                                    \
++        time_t now = time(NULL);                                            \
++        char timestr[20];                                                   \
++        strftime(timestr, 20, TIME_FORMAT, localtime(&now));                \
++        fprintf(stderr, " %s INFO: " format "\n", timestr, ## __VA_ARGS__); \
++        fflush(stderr); }                                                   \
++    while (0)
++
++#define LOGE(format, ...)                                                    \
++    do {                                                                     \
++        time_t now = time(NULL);                                             \
++        char timestr[20];                                                    \
++        strftime(timestr, 20, TIME_FORMAT, localtime(&now));                 \
++        fprintf(stderr, " %s ERROR: " format "\n", timestr, ## __VA_ARGS__); \
++        fflush(stderr); }                                                    \
++    while (0)
++
++#else
++
++#include <syslog.h>
++
++extern int use_tty;
++#define USE_TTY()                        \
++    do {                                 \
++        use_tty = isatty(STDERR_FILENO); \
++    } while (0)                          \
++
++#define HAS_SYSLOG
++extern int use_syslog;
++
++#define TIME_FORMAT "%F %T"
++
++#define USE_SYSLOG(ident)                          \
++    do {                                           \
++        use_syslog = 1;                            \
++        openlog((ident), LOG_CONS | LOG_PID, 0); } \
++    while (0)
++
++#define LOGI(format, ...)                                                        \
++    do {                                                                         \
++        if (use_syslog) {                                                        \
++            syslog(LOG_INFO, format, ## __VA_ARGS__);                            \
++        } else {                                                                 \
++            time_t now = time(NULL);                                             \
++            char timestr[20];                                                    \
++            strftime(timestr, 20, TIME_FORMAT, localtime(&now));                 \
++            if (use_tty) {                                                       \
++                fprintf(stderr, "\e[01;32m %s INFO: \e[0m" format "\n", timestr, \
++                        ## __VA_ARGS__);                                         \
++            } else {                                                             \
++                fprintf(stderr, " %s INFO: " format "\n", timestr,               \
++                        ## __VA_ARGS__);                                         \
++            }                                                                    \
++        }                                                                        \
++    }                                                                            \
++    while (0)
++
++#define LOGE(format, ...)                                                         \
++    do {                                                                          \
++        if (use_syslog) {                                                         \
++            syslog(LOG_ERR, format, ## __VA_ARGS__);                              \
++        } else {                                                                  \
++            time_t now = time(NULL);                                              \
++            char timestr[20];                                                     \
++            strftime(timestr, 20, TIME_FORMAT, localtime(&now));                  \
++            if (use_tty) {                                                        \
++                fprintf(stderr, "\e[01;35m %s ERROR: \e[0m" format "\n", timestr, \
++                        ## __VA_ARGS__);                                          \
++            } else {                                                              \
++                fprintf(stderr, " %s ERROR: " format "\n", timestr,               \
++                        ## __VA_ARGS__);                                          \
++            }                                                                     \
++        } }                                                                       \
++    while (0)
++
++#endif
++/* _WIN32 */
++
++#endif
++
++#ifdef __MINGW32__
++
++#ifdef ERROR
++#undef ERROR
++#endif
++#define ERROR(s) ss_error(s)
++
++#else
++
++void ERROR(const char *s);
++
++#endif
++
++char *ss_itoa(int i);
++int ss_isnumeric(const char *s);
++int run_as(const char *user);
++void FATAL(const char *msg);
++void usage(void);
++void daemonize(const char *path);
++char *ss_strndup(const char *s, size_t n);
++#ifdef HAVE_SETRLIMIT
++int set_nofile(int nofile);
++#endif
++
++void *ss_malloc(size_t size);
++void *ss_realloc(void *ptr, size_t new_size);
++
++#define ss_free(ptr)     \
++    do {                 \
++        free(ptr);       \
++        ptr = NULL;      \
++    } while (0)
++
++#endif // _UTILS_H
+diff --git a/server/verify.c b/server/verify.c
+new file mode 100644
+index 0000000..9e7393d
+--- /dev/null
++++ b/server/verify.c
+@@ -0,0 +1,188 @@
++
++#include "verify.h"
++
++static int verify_simple_pack_unit_size = 2000;
++
++typedef struct verify_simple_local_data {
++    char * recv_buffer;
++    int recv_buffer_size;
++}verify_simple_local_data;
++
++void verify_simple_local_data_init(verify_simple_local_data* local) {
++    local->recv_buffer = (char*)malloc(16384);
++    local->recv_buffer_size = 0;
++}
++
++obfs * verify_simple_new_obfs() {
++    obfs * self = new_obfs();
++    self->l_data = malloc(sizeof(verify_simple_local_data));
++    verify_simple_local_data_init((verify_simple_local_data*)self->l_data);
++    return self;
++}
++
++void verify_simple_dispose(obfs *self) {
++    verify_simple_local_data *local = (verify_simple_local_data*)self->l_data;
++    if (local->recv_buffer != NULL) {
++        free(local->recv_buffer);
++        local->recv_buffer = NULL;
++    }
++    free(local);
++    self->l_data = NULL;
++    dispose_obfs(self);
++}
++
++int verify_simple_pack_data(char *data, int datalength, char *outdata) {
++    unsigned char rand_len = (xorshift128plus() & 0xF) + 1;
++    int out_size = rand_len + datalength + 6;
++    outdata[0] = out_size >> 8;
++    outdata[1] = out_size;
++    outdata[2] = rand_len;
++    memmove(outdata + rand_len + 2, data, datalength);
++    fillcrc32((unsigned char *)outdata, out_size);
++    return out_size;
++}
++
++int verify_simple_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t *capacity) {
++    char *plaindata = *pplaindata;
++    //verify_simple_local_data *local = (verify_simple_local_data*)self->l_data;
++    char * out_buffer = (char*)malloc(datalength * 2 + 32);
++    char * buffer = out_buffer;
++    char * data = plaindata;
++    int len = datalength;
++    int pack_len;
++    while ( len > verify_simple_pack_unit_size ) {
++        pack_len = verify_simple_pack_data(data, verify_simple_pack_unit_size, buffer);
++        buffer += pack_len;
++        data += verify_simple_pack_unit_size;
++        len -= verify_simple_pack_unit_size;
++    }
++    if (len > 0) {
++        pack_len = verify_simple_pack_data(data, len, buffer);
++        buffer += pack_len;
++    }
++    len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
++
++int verify_simple_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t *capacity) {
++    char *plaindata = *pplaindata;
++    verify_simple_local_data *local = (verify_simple_local_data*)self->l_data;
++    uint8_t * recv_buffer = (uint8_t *)local->recv_buffer;
++    if (local->recv_buffer_size + datalength > 16384)
++        return -1;
++    memmove(recv_buffer + local->recv_buffer_size, plaindata, datalength);
++    local->recv_buffer_size += datalength;
++
++    char * out_buffer = (char*)malloc(local->recv_buffer_size);
++    char * buffer = out_buffer;
++    while (local->recv_buffer_size > 2) {
++        int length = ((int)recv_buffer[0] << 8) | recv_buffer[1];
++        if (length >= 8192 || length < 7) {
++            free(out_buffer);
++            local->recv_buffer_size = 0;
++            return -1;
++        }
++        if (length > local->recv_buffer_size)
++            break;
++
++        int crc = crc32((unsigned char*)recv_buffer, length);
++        if (crc != -1) {
++            free(out_buffer);
++            local->recv_buffer_size = 0;
++            return -1;
++        }
++        int data_size = length - recv_buffer[2] - 6;
++        memmove(buffer, recv_buffer + 2 + recv_buffer[2], data_size);
++        buffer += data_size;
++        memmove(recv_buffer, recv_buffer + length, local->recv_buffer_size -= length);
++    }
++    int len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
++
++int verify_simple_server_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t *capacity) {
++    char *plaindata = *pplaindata;
++    //verify_simple_local_data *local = (verify_simple_local_data*)self->l_data;
++    char * out_buffer = (char*)malloc(datalength * 2 + 32);
++    char * buffer = out_buffer;
++    char * data = plaindata;
++    int len = datalength;
++    int pack_len;
++    while ( len > verify_simple_pack_unit_size ) {
++        pack_len = verify_simple_pack_data(data, verify_simple_pack_unit_size, buffer);
++        buffer += pack_len;
++        data += verify_simple_pack_unit_size;
++        len -= verify_simple_pack_unit_size;
++    }
++    if (len > 0) {
++        pack_len = verify_simple_pack_data(data, len, buffer);
++        buffer += pack_len;
++    }
++    len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
++
++int verify_simple_server_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t *capacity) {
++    char *plaindata = *pplaindata;
++    verify_simple_local_data *local = (verify_simple_local_data*)self->l_data;
++    uint8_t * recv_buffer = (uint8_t *)local->recv_buffer;
++    if (local->recv_buffer_size + datalength > 16384)
++    {
++        LOGE("verify_simple: wrong buf length %d", local->recv_buffer_size + datalength);
++        return -1;
++    }
++    memmove(recv_buffer + local->recv_buffer_size, plaindata, datalength);
++    local->recv_buffer_size += datalength;
++
++    char * out_buffer = (char*)malloc(local->recv_buffer_size);
++    char * buffer = out_buffer;
++    while (local->recv_buffer_size > 2) {
++        int length = ((int)recv_buffer[0] << 8) | recv_buffer[1];
++        if (length >= 8192 || length < 7) {
++            free(out_buffer);
++            local->recv_buffer_size = 0;
++            LOGE("verify_simple: wrong length %d", length);
++            return -1;
++        }
++        if (length > local->recv_buffer_size)
++            break;
++
++        int crc = crc32((unsigned char*)recv_buffer, length);
++        if (crc != -1) {
++            free(out_buffer);
++            local->recv_buffer_size = 0;
++            LOGE("verify_simple: wrong crc");
++            return -1;
++        }
++        int data_size = length - recv_buffer[2] - 6;
++        memmove(buffer, recv_buffer + 2 + recv_buffer[2], data_size);
++        buffer += data_size;
++        memmove(recv_buffer, recv_buffer + length, local->recv_buffer_size -= length);
++    }
++    int len = buffer - out_buffer;
++    if (*capacity < len) {
++        *pplaindata = (char*)realloc(*pplaindata, *capacity = len * 2);
++        plaindata = *pplaindata;
++    }
++    memmove(plaindata, out_buffer, len);
++    free(out_buffer);
++    return len;
++}
+diff --git a/server/verify.h b/server/verify.h
+new file mode 100644
+index 0000000..57c6ff9
+--- /dev/null
++++ b/server/verify.h
+@@ -0,0 +1,19 @@
++/*
++ * verify.h - Define shadowsocksR server's buffers and callbacks
++ *
++ * Copyright (C) 2015 - 2016, Break Wa11 <mmgac001@gmail.com>
++ */
++
++#ifndef _VERIFY_H
++#define _VERIFY_H
++
++obfs * verify_simple_new_obfs();
++void verify_simple_dispose(obfs *self);
++
++int verify_simple_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++int verify_simple_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++
++int verify_simple_server_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++int verify_simple_server_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity);
++
++#endif // _VERIFY_H
+-- 
+2.19.1
+
diff --git a/package/lean/shadowsocksr-libev/patches/0002-Revert-verify_simple-and-auth_simple.patch b/package/lean/shadowsocksr-libev/patches/0002-Revert-verify_simple-and-auth_simple.patch
new file mode 100644
index 000000000..72ee3337d
--- /dev/null
+++ b/package/lean/shadowsocksr-libev/patches/0002-Revert-verify_simple-and-auth_simple.patch
@@ -0,0 +1,22 @@
+diff --git a/src/obfs/obfs.c b/src/obfs/obfs.c
+index 463359f..4cd750a 100644
+--- a/src/obfs/obfs.c
++++ b/src/obfs/obfs.c
+@@ -88,7 +88,7 @@
+         plugin->client_decode = tls12_ticket_auth_client_decode;
+ 
+         return plugin;
+-        /*} else if (strcmp(plugin_name, "verify_simple") == 0) {
++        } else if (strcmp(plugin_name, "verify_simple") == 0) {
+             obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs_class));
+             plugin->init_data = init_data;
+             plugin->new_obfs = verify_simple_new_obfs;
+@@ -115,7 +115,7 @@
+             plugin->client_udp_pre_encrypt = NULL;
+             plugin->client_udp_post_decrypt = NULL;
+ 
+-            return plugin;*/
++            return plugin;
+     } else if (strcmp(plugin_name, "auth_sha1") == 0) {
+         obfs_class *plugin = (obfs_class *) malloc(sizeof(obfs_class));
+         plugin->init_data = auth_simple_init_data;
\ No newline at end of file
diff --git a/package/lean/shadowsocksr-libev/patches/0003-Refine-Usage.patch b/package/lean/shadowsocksr-libev/patches/0003-Refine-Usage.patch
new file mode 100644
index 000000000..85aa0f134
--- /dev/null
+++ b/package/lean/shadowsocksr-libev/patches/0003-Refine-Usage.patch
@@ -0,0 +1,42 @@
+diff --git a/src/utils.c b/src/utils.c
+index 94f8a83..01bcbac 100644
+--- a/src/utils.c
++++ b/src/utils.c
+@@ -258,8 +258,6 @@ usage()
+ {
+     printf("\n");
+     printf("shadowsocks-libev %s with %s\n\n", VERSION, USING_CRYPTO);
+-    printf(
+-        "  maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang <laokongzi@gmail.com>\n\n");
+     printf("  usage:\n\n");
+ #ifdef MODULE_LOCAL
+     printf("    ss-local\n");
+@@ -298,6 +296,25 @@ usage()
+     printf(
+         "                                  The default cipher is rc4-md5.\n");
+     printf("\n");
++    printf(
++        "       -o <obfs>                  Obfs of your remote server: plain,\n");
++    printf(
++        "                                  http_simple, http_post and tls1.2_ticket_auth.\n");
++    printf(
++        "       -g <obfs-param>            Obfs-Param of your remote server.\n");
++    printf(
++        "       -O <protocol>              Protocol of your remote server: orgin,\n");
++    printf(
++        "                                  auth_sha1, auth_sha1_v2, auth_sha1_v4,\n");
++    printf(
++        "                                  auth_aes128_md5, auth_aes128_sha1,\n");
++    printf(
++        "                                  auth_chain_a, auth_chain_b, auth_chain_c,\n");
++    printf(
++        "                                  auth_chain_d, auth_chain_e and auth_chain_f.\n");
++    printf(
++        "       -G <protocol-param>        Protocol-Param of your remote server.\n");
++    printf("\n");
+     printf(
+         "       [-a <user>]                Run as another user.\n");
+     printf(
+-- 
+2.19.1
+