README
¶
Port from github.com/cloudfoundry/go-socks5 at 2021/01/27 and I found that github.com/cloudfoundry/go-socks5 seems
forked from github.com/armon/go-socks5
go-socks5 
Provides the socks5 package that implements a SOCKS5 server. SOCKS (Secure
Sockets) is used to route traffic between a client and server through an intermediate proxy layer.
Feature
The package has the following features:
- "No Auth" mode
- User/Password authentication
- Support for the CONNECT command
- Rules to do granular filtering of commands
- Custom DNS resolution
- Unit tests
TODO
The package still needs the following:
- Support for the BIND command
- Support for the ASSOCIATE command
Example
Below is a simple example of usage
// Create a SOCKS5 server
conf := &socks5.Config{}
server, err := socks5.New(conf)
if err != nil {
panic(err)
}
// Create SOCKS5 proxy on localhost port 8000
if err := server.ListenAndServe("tcp", "127.0.0.1:8000"); err != nil {
panic(err)
}
Documentation
¶
Index ¶
- Constants
- Variables
- type AddrSpec
- type AddressRewriter
- type AddressType
- type AuthContext
- type Authenticator
- type Command
- type CommandReq
- type CommandResp
- type Config
- type CredentialStore
- type NoAuthAuthenticator
- type PermitCommand
- type Reply
- type Request
- type RuleSet
- type Server
- type StaticCredentials
- type UserPassAuthenticator
- type VimsReq
- type VimsResp
Constants ¶
const ( NoAuth = uint8(0) UserPassAuth = uint8(2) )
const ( ConnectCommand = uint8(1) BindCommand = uint8(2) AssociateCommand = uint8(3) )
const ( Version = uint8(5) AddrIPv4 AddressType = 1 AddrDomainName AddressType = 3 // domain name AddrIPv6 AddressType = 4 CommandConnect Command = 1 CommandBind Command = 2 CommandUdpAssociate Command = 3 CommandMin = CommandConnect CommandMax = CommandUdpAssociate ReplySuccess Reply = 0 ReplyFailed Reply = 1 ReplyUnreached Reply = 3 ReplyNoSuchHost Reply = 4 ReplyConnectDenied Reply = 5 ReplyTtlOver Reply = 6 ReplyUnsupportedCommand Reply = 7 ReplyUnsupportedAddress Reply = 8 )
Variables ¶
var ( UserAuthFailed = fmt.Errorf("User authentication failed") NoSupportedAuth = fmt.Errorf("No supported authentication mechanism") )
Functions ¶
This section is empty.
Types ¶
type AddrSpec ¶
AddrSpec is used to return the target AddrSpec which may be specified as IPv4, IPv6, or a FQDN
type AddressRewriter ¶
type AddressRewriter interface {
Rewrite(ctx context.Context, request *Request) (context.Context, *AddrSpec)
}
AddressRewriter is used to rewrite a destination transparently
type AddressType ¶
type AddressType byte
func (AddressType) String ¶
func (at AddressType) String() string
type AuthContext ¶
type AuthContext struct {
// Provided auth method
Method uint8
// Payload provided during negotiation.
// Keys depend on the used auth method.
// For UserPassauth contains Username
Payload map[string]string
}
A Request encapsulates authentication state provided during negotiation
type Authenticator ¶
type CommandReq ¶
type CommandResp ¶
type Config ¶
type Config struct {
// AuthMethods can be provided to implement custom authentication
// By default, "auth-less" mode is enabled.
// For password-based auth use UserPassAuthenticator.
AuthMethods []Authenticator
// If provided, username/password authentication is enabled,
// by appending a UserPassAuthenticator to AuthMethods. If not provided,
// and AUthMethods is nil, then "auth-less" mode is enabled.
Credentials CredentialStore
// Resolver can be provided to do custom name resolution.
// Defaults to SysDNSResolver if not provided.
Resolver gnet.LookupIPWithCtxFunc
// Rules is provided to enable custom logic around permitting
// various commands. If not provided, PermitAll is used.
Rules RuleSet
// Rewriter can be used to transparently rewrite addresses.
// This is invoked before the RuleSet is invoked.
// Defaults to NoRewrite.
Rewriter AddressRewriter
// BindIP is used for bind or udp associate
BindIP net.IP
// Logger can be used to provide a custom log target.
// Defaults to stdout.
Logger *log.Logger
Log glog.Interface
// Optional function for dialing out
Dial func(ctx context.Context, network, addr string) (net.Conn, error)
// contains filtered or unexported fields
}
Config is used to setup and configure a Server
type CredentialStore ¶
CredentialStore is used to support user/pass authentication
type NoAuthAuthenticator ¶
type NoAuthAuthenticator struct{}
NoAuthAuthenticator is used to handle the "No Authentication" mode
func (NoAuthAuthenticator) Authenticate ¶
func (a NoAuthAuthenticator) Authenticate(reader io.Reader, writer io.Writer) (*AuthContext, error)
func (NoAuthAuthenticator) GetCode ¶
func (a NoAuthAuthenticator) GetCode() uint8
type PermitCommand ¶
PermitCommand is an implementation of the RuleSet which enables filtering supported commands
type Request ¶
type Request struct {
// Protocol version
Version uint8
// Requested command
Command uint8
// AuthContext provided during negotiation
AuthContext *AuthContext
// AddrSpec of the the network that sent the request
RemoteAddr *AddrSpec
// AddrSpec of the desired destination
DestAddr *AddrSpec
// contains filtered or unexported fields
}
A Request represents request received by a server
type RuleSet ¶
RuleSet is used to provide custom rules to allow or prohibit actions
func PermitAll ¶
func PermitAll() RuleSet
PermitAll returns a RuleSet which allows all types of connections
func PermitNone ¶
func PermitNone() RuleSet
PermitNone returns a RuleSet which disallows all types of connections
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is reponsible for accepting connections and handling the details of the SOCKS5 protocol
func (*Server) ListenAndServe ¶
ListenAndServe is used to create a listener and serve on it
type StaticCredentials ¶
StaticCredentials enables using a map directly as a credential store
func (StaticCredentials) Valid ¶
func (s StaticCredentials) Valid(user, password string) bool
type UserPassAuthenticator ¶
type UserPassAuthenticator struct {
Credentials CredentialStore
}
UserPassAuthenticator is used to handle username/password based authentication
func (UserPassAuthenticator) Authenticate ¶
func (a UserPassAuthenticator) Authenticate(reader io.Reader, writer io.Writer) (*AuthContext, error)
func (UserPassAuthenticator) GetCode ¶
func (a UserPassAuthenticator) GetCode() uint8
Source Files