shadowsocks
diff --git a/‎.github/workflows/build-and-test.yml
+20-2 b/‎.github/workflows/build-and-test.yml
+20-2
diff --git a/‎Cargo.lock
+5-7 b/‎Cargo.lock
+5-7
diff --git a/‎Cargo.toml
+4-1 b/‎Cargo.toml
+4-1
diff --git a/‎bin/sslocal.rs
+6-1 b/‎bin/sslocal.rs
+6-1
diff --git a/‎bin/ssmanager.rs
+7-2 b/‎bin/ssmanager.rs
+7-2
diff --git a/‎bin/ssserver.rs
+7-4 b/‎bin/ssserver.rs
+7-4
diff --git a/‎crates/shadowsocks-service/Cargo.toml
+1-1 b/‎crates/shadowsocks-service/Cargo.toml
+1-1
diff --git a/‎crates/shadowsocks-service/src/config.rs
+18-4 b/‎crates/shadowsocks-service/src/config.rs
+18-4
diff --git a/‎crates/shadowsocks-service/src/local/dns/upstream.rs
+4-4 b/‎crates/shadowsocks-service/src/local/dns/upstream.rs
+4-4
diff --git a/‎crates/shadowsocks-service/src/local/mod.rs
+5-3 b/‎crates/shadowsocks-service/src/local/mod.rs
+5-3
@@ -30,10 +30,16 @@ jobs:
           profile: minimal
       - name: Build & Test (Default)
         run: cargo test --verbose --no-fail-fast
+      - name: Build & Test (Default) - shadowsocks
+        run: cargo test --manifest-path ./crates/shadowsocks/Cargo.toml --verbose --no-fail-fast
       - name: Build & Test (--no-default-features)
         run: cargo test --verbose --no-default-features --no-fail-fast
+      - name: Build & Test (--no-default-features) - shadowsocks
+        run: cargo test --manifest-path ./crates/shadowsocks/Cargo.toml --verbose --no-default-features --no-fail-fast
       - name: Build with All Features Enabled
-        run: cargo build --verbose --features "local-redir local-dns dns-over-tls dns-over-https stream-cipher"
+        run: cargo build --verbose --features "local-dns dns-over-tls dns-over-https stream-cipher"
+      - name: Build with All Features Enabled - shadowsocks
+        run: cargo build --manifest-path ./crates/shadowsocks/Cargo.toml --verbose --features "stream-cipher"
 
   build-windows:
     runs-on: windows-latest
@@ -53,10 +59,16 @@ jobs:
           profile: minimal
       - name: Build & Test (Default)
         run: cargo test --verbose --no-fail-fast
+      - name: Build & Test (Default) - shadowsocks
+        run: cargo test --manifest-path ./crates/shadowsocks/Cargo.toml --verbose --no-fail-fast
       - name: Build & Test (--no-default-features)
         run: cargo test --verbose --no-default-features --no-fail-fast
+      - name: Build & Test (--no-default-features) - shadowsocks
+        run: cargo test --manifest-path ./crates/shadowsocks/Cargo.toml --verbose --no-default-features --no-fail-fast
       - name: Build with All Features Enabled
         run: cargo build --verbose --features "local-dns dns-over-tls dns-over-https stream-cipher"
+      - name: Build with All Features Enabled - shadowsocks
+        run: cargo build --manifest-path ./crates/shadowsocks/Cargo.toml --verbose --features "stream-cipher"
 
   build-macos:
     runs-on: macos-latest
@@ -81,7 +93,13 @@ jobs:
           profile: minimal
       - name: Build & Test (Default)
         run: cargo test --verbose --no-fail-fast
+      - name: Build & Test (Default) - shadowsocks
+        run: cargo test --manifest-path ./crates/shadowsocks/Cargo.toml --verbose --no-fail-fast
       - name: Build & Test (--no-default-features)
         run: cargo test --verbose --no-default-features --no-fail-fast
+      - name: Build & Test (--no-default-features) - shadowsocks
+        run: cargo test --manifest-path ./crates/shadowsocks/Cargo.toml --verbose --no-default-features --no-fail-fast
       - name: Build with All Features Enabled
-        run: cargo build --verbose --features "local-redir local-dns dns-over-tls dns-over-https stream-cipher"
+        run: cargo build --verbose --features "local-dns dns-over-tls dns-over-https stream-cipher"
+      - name: Build with All Features Enabled - shadowsocks
+        run: cargo build --manifest-path ./crates/shadowsocks/Cargo.toml --verbose --features "stream-cipher"
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks-rust"
-version = "1.10.4"
+version = "1.11.0"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"
@@ -132,3 +132,6 @@ byteorder = "1.3"
 env_logger = "0.8"
 byte_string = "1.0"
 tokio = { version = "1", features = ["net", "time", "macros", "io-util"]}
+
+[patch.crates-io]
+tokio = { git = "https://github.com/tokio-rs/tokio.git", features = ["full"] }
@@ -63,6 +63,7 @@ fn main() {
 
 
         (@arg NO_DELAY: --("no-delay") !takes_value "Set TCP_NODELAY option for socket")
+        (@arg FAST_OPEN: --("fast-open") !takes_value "Enable TCP Fast Open (TFO)")
         (@arg NOFILE: -n --nofile +takes_value "Set RLIMIT_NOFILE with both soft and hard limit (only for *nix systems)")
         (@arg ACL: --acl +takes_value "Path to ACL (Access Control List)")
         (@arg DNS: --dns +takes_value "DNS nameservers, formatted like [(tcp|udp)://]host[:port][,host[:port]]..., or unix:///path/to/dns, or predefined keys like \"google\", \"cloudflare\"")
@@ -339,14 +340,18 @@ fn main() {
         config.no_delay = true;
     }
 
+    if matches.is_present("FAST_OPEN") {
+        config.fast_open = true;
+    }
+
     #[cfg(any(target_os = "linux", target_os = "android"))]
     if let Some(mark) = matches.value_of("OUTBOUND_FWMARK") {
         config.outbound_fwmark = Some(mark.parse::<u32>().expect("an unsigned integer for `outbound-fwmark`"));
     }
 
     #[cfg(any(target_os = "linux", target_os = "android", target_os = "macos", target_os = "ios"))]
     if let Some(iface) = matches.value_of("OUTBOUND_BIND_INTERFACE") {
-        config.outbound_bind_interface = Some(From::from(iface.to_owned()));
+        config.outbound_bind_interface = Some(iface.to_owned());
     }
 
     if let Some(nofile) = matches.value_of("NOFILE") {
 
@@ -51,6 +51,7 @@ fn main() {
         (@arg SERVER_HOST: -s --("server-host") +takes_value "Host name or IP address of your remote server")
 
         (@arg NO_DELAY: --("no-delay") !takes_value "Set TCP_NODELAY option for socket")
+        (@arg FAST_OPEN: --("fast-open") !takes_value "Enable TCP Fast Open (TFO)")
 
         (@arg MANAGER_ADDRESS: --("manager-address") +takes_value {validator::validate_manager_addr} "ShadowSocks Manager (ssmgr) address, could be ip:port, domain:port or /path/to/unix.sock")
         (@arg ENCRYPT_METHOD: -m --("encrypt-method") +takes_value possible_values(available_ciphers()) "Default encryption method")
@@ -143,14 +144,18 @@ fn main() {
         config.no_delay = true;
     }
 
+    if matches.is_present("FAST_OPEN") {
+        config.fast_open = true;
+    }
+
     #[cfg(any(target_os = "linux", target_os = "android"))]
     if let Some(mark) = matches.value_of("OUTBOUND_FWMARK") {
         config.outbound_fwmark = Some(mark.parse::<u32>().expect("an unsigned integer for `outbound-fwmark`"));
     }
 
-    #[cfg(any(target_os = "linux", target_os = "android"))]
+    #[cfg(any(target_os = "linux", target_os = "android", target_os = "macos", target_os = "ios"))]
     if let Some(iface) = matches.value_of("OUTBOUND_BIND_INTERFACE") {
-        config.outbound_bind_interface = Some(From::from(iface.to_owned()));
+        config.outbound_bind_interface = Some(iface.to_owned());
     }
 
     if let Some(m) = matches.value_of("MANAGER_ADDRESS") {
 
@@ -57,6 +57,7 @@ fn main() {
         (@arg MANAGER_ADDRESS: --("manager-address") +takes_value "ShadowSocks Manager (ssmgr) address, could be \"IP:Port\", \"Domain:Port\" or \"/path/to/unix.sock\"")
 
         (@arg NO_DELAY: --("no-delay") !takes_value "Set TCP_NODELAY option for socket")
+        (@arg FAST_OPEN: --("fast-open") !takes_value "Enable TCP Fast Open (TFO)")
         (@arg NOFILE: -n --nofile +takes_value "Set RLIMIT_NOFILE with both soft and hard limit (only for *nix systems)")
         (@arg ACL: --acl +takes_value "Path to ACL (Access Control List)")
         (@arg DNS: --dns +takes_value "DNS nameservers, formatted like [(tcp|udp)://]host[:port][,host[:port]]..., or unix:///path/to/dns, or predefined keys like \"google\", \"cloudflare\"")
@@ -68,8 +69,6 @@ fn main() {
         (@arg INBOUND_RECV_BUFFER_SIZE: --("inbound-recv-buffer-size") +takes_value {validator::validate_u32} "Set inbound sockets' SO_RCVBUF option")
         (@arg OUTBOUND_SEND_BUFFER_SIZE: --("outbound-send-buffer-size") +takes_value {validator::validate_u32} "Set outbound sockets' SO_SNDBUF option")
         (@arg OUTBOUND_RECV_BUFFER_SIZE: --("outbound-recv-buffer-size") +takes_value {validator::validate_u32} "Set outbound sockets' SO_RCVBUF option")
-
-        (@arg SINGLE_THREADED: --("single-threaded") "Run the program all in one thread")
     );
 
     #[cfg(feature = "logging")]
@@ -188,14 +187,18 @@ fn main() {
         config.no_delay = true;
     }
 
+    if matches.is_present("FAST_OPEN") {
+        config.fast_open = true;
+    }
+
     #[cfg(any(target_os = "linux", target_os = "android"))]
     if let Some(mark) = matches.value_of("OUTBOUND_FWMARK") {
         config.outbound_fwmark = Some(mark.parse::<u32>().expect("an unsigned integer for `outbound-fwmark`"));
     }
 
-    #[cfg(any(target_os = "linux", target_os = "android"))]
+    #[cfg(any(target_os = "linux", target_os = "android", target_os = "macos", target_os = "ios"))]
     if let Some(iface) = matches.value_of("OUTBOUND_BIND_INTERFACE") {
-        config.outbound_bind_interface = Some(From::from(iface.to_owned()));
+        config.outbound_bind_interface = Some(iface.to_owned());
     }
 
     if let Some(m) = matches.value_of("MANAGER_ADDRESS") {
 
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks-service"
-version = "1.10.3"
+version = "1.11.0"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"
 
@@ -41,8 +41,8 @@
 //!
 //! These defined server will be used with a load balancing algorithm.
 
-#[cfg(any(target_os = "linux", target_os = "android", target_os = "macos", target_os = "ios"))]
-use std::ffi::OsString;
+#[cfg(any(unix, features = "local-flow-stat"))]
+use std::path::PathBuf;
 use std::{
     convert::{From, Infallible},
     default::Default,
@@ -51,7 +51,7 @@ use std::{
     io::Read,
     net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6},
     option::Option,
-    path::{Path, PathBuf},
+    path::Path,
     str::FromStr,
     string::ToString,
     time::Duration,
@@ -127,6 +127,8 @@ struct SSConfig {
     nofile: Option<u64>,
     #[serde(skip_serializing_if = "Option::is_none")]
     ipv6_first: Option<bool>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    fast_open: Option<bool>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Default)]
@@ -717,6 +719,8 @@ pub struct Config {
 
     /// Set `TCP_NODELAY` socket option
     pub no_delay: bool,
+    /// Set `TCP_FASTOPEN` socket option
+    pub fast_open: bool,
     /// `RLIMIT_NOFILE` option for *nix systems
     pub nofile: Option<u64>,
 
@@ -725,7 +729,7 @@ pub struct Config {
     pub outbound_fwmark: Option<u32>,
     /// Set `SO_BINDTODEVICE` socket option for outbound sockets
     #[cfg(any(target_os = "linux", target_os = "android", target_os = "macos", target_os = "ios"))]
-    pub outbound_bind_interface: Option<OsString>,
+    pub outbound_bind_interface: Option<String>,
     /// Path to protect callback unix address, only for Android
     #[cfg(target_os = "android")]
     pub outbound_vpn_protect_path: Option<PathBuf>,
@@ -829,6 +833,7 @@ impl Config {
             ipv6_first: false,
 
             no_delay: false,
+            fast_open: false,
             nofile: None,
 
             #[cfg(any(target_os = "linux", target_os = "android"))]
@@ -1275,6 +1280,11 @@ impl Config {
             nconfig.no_delay = b;
         }
 
+        // TCP fast open
+        if let Some(b) = config.fast_open {
+            nconfig.fast_open = b;
+        }
+
         // UDP
         nconfig.udp_timeout = config.udp_timeout.map(Duration::from_secs);
 
@@ -1758,6 +1768,10 @@ impl fmt::Display for Config {
             jconf.no_delay = Some(self.no_delay);
         }
 
+        if self.fast_open {
+            jconf.fast_open = Some(self.fast_open);
+        }
+
         match self.dns {
             DnsConfig::System => {}
             #[cfg(feature = "trust-dns")]
 
@@ -18,7 +18,7 @@ use shadowsocks::{
 use tokio::net::UnixStream;
 use tokio::{
     io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt},
-    net::{TcpStream, UdpSocket},
+    net::UdpSocket,
     time,
 };
 use trust_dns_resolver::proto::{
@@ -31,7 +31,7 @@ use crate::net::{FlowStat, MonProxySocket, MonProxyStream};
 /// Collection of various DNS connections
 pub enum DnsClient {
     TcpLocal {
-        stream: TcpStream,
+        stream: ShadowTcpStream,
     },
     UdpLocal {
         socket: UdpSocket,
@@ -42,7 +42,7 @@ pub enum DnsClient {
         stream: UnixStream,
     },
     TcpRemote {
-        stream: ProxyClientStream<MonProxyStream<TcpStream>>,
+        stream: ProxyClientStream<MonProxyStream<ShadowTcpStream>>,
     },
     UdpRemote {
         socket: MonProxySocket,
@@ -53,7 +53,7 @@ pub enum DnsClient {
 impl DnsClient {
     /// Connect to local provided TCP DNS server
     pub async fn connect_tcp_local(ns: SocketAddr, connect_opts: &ConnectOpts) -> io::Result<DnsClient> {
-        let stream = ShadowTcpStream::connect_with_opts(&ns, connect_opts).await?.into();
+        let stream = ShadowTcpStream::connect_with_opts(&ns, connect_opts).await?;
         Ok(DnsClient::TcpLocal { stream })
     }
 
 
@@ -9,7 +9,7 @@ use futures::{
     stream::{FuturesUnordered, StreamExt},
     FutureExt,
 };
-use log::{error, trace, warn};
+use log::{error, trace};
 use shadowsocks::{
     config::Mode,
     net::{AcceptOpts, ConnectOpts},
@@ -53,7 +53,7 @@ pub async fn run(mut config: Config) -> io::Result<()> {
     #[cfg(feature = "stream-cipher")]
     for server in config.server.iter() {
         if server.method().is_stream() {
-            warn!("stream cipher {} for server {} have inherent weaknesses (see discussion in https://github.com/shadowsocks/shadowsocks-org/issues/36). \
+            log::warn!("stream cipher {} for server {} have inherent weaknesses (see discussion in https://github.com/shadowsocks/shadowsocks-org/issues/36). \
                     DO NOT USE. It will be removed in the future.", server.method(), server.addr());
         }
     }
@@ -62,7 +62,7 @@ pub async fn run(mut config: Config) -> io::Result<()> {
     if let Some(nofile) = config.nofile {
         use crate::sys::set_nofile;
         if let Err(err) = set_nofile(nofile) {
-            warn!("set_nofile {} failed, error: {}", nofile, err);
+            log::warn!("set_nofile {} failed, error: {}", nofile, err);
         }
     }
 
@@ -82,12 +82,14 @@ pub async fn run(mut config: Config) -> io::Result<()> {
     };
     connect_opts.tcp.send_buffer_size = config.outbound_send_buffer_size;
     connect_opts.tcp.recv_buffer_size = config.outbound_recv_buffer_size;
+    connect_opts.tcp.fastopen = config.fast_open;
     context.set_connect_opts(connect_opts);
 
     let mut accept_opts = AcceptOpts::default();
     accept_opts.tcp.send_buffer_size = config.inbound_send_buffer_size;
     accept_opts.tcp.recv_buffer_size = config.inbound_recv_buffer_size;
     accept_opts.tcp.nodelay = config.no_delay;
+    accept_opts.tcp.fastopen = config.fast_open;
 
     if let Some(resolver) = build_dns_resolver(config.dns, config.ipv6_first, context.connect_opts_ref()).await {
         context.set_dns_resolver(Arc::new(resolver));