The highest tagged major version is
README
¶
go-socks5 
Provides the socks5 package that implements a SOCKS5 server.
SOCKS (Secure Sockets) is used to route traffic between a client and server through
an intermediate proxy layer. This can be used to bypass firewalls or NATs.
Feature
The package has the following features:
- "No Auth" mode
- User/Password authentication
- Support for the CONNECT command
- Rules to do granular filtering of commands
- Custom DNS resolution
- Unit tests
Example
Below is a simple example of usage
// Create a SOCKS5 server
conf := &socks5.Config{}
server, err := socks5.New(conf)
if err != nil {
panic(err)
}
// Create SOCKS5 proxy on localhost port 8000
if err := server.ListenAndServe("tcp", "127.0.0.1:8000"); err != nil {
panic(err)
}
Documentation
¶
Overview ¶
Package socks5 is imported from https://github.com/armon/go-socks5
Index ¶
- Constants
- Variables
- func BidiCopy(conn1, conn2 io.ReadWriteCloser, isClient bool) error
- func BidiCopyUDP(udpConn *net.UDPConn, tunnelConn *UDPAssociateTunnelConn) error
- type AddrSpec
- type AuthContext
- type Authenticator
- type Config
- type CredentialStore
- type DNSResolver
- type NameResolver
- type NoAuthAuthenticator
- type ProxyConfig
- type Request
- type Server
- type ServerGroup
- type StaticCredentials
- type UDPAssociateTunnelConn
- type UserPassAuthenticator
Constants ¶
const ( NoAuth = uint8(0) UserPassAuth = uint8(2) )
const ( ConnectCommand = uint8(1) BindCommand = uint8(2) AssociateCommand = uint8(3) )
Variables ¶
var ( UserAuthFailed = fmt.Errorf("User authentication failed") NoSupportedAuth = fmt.Errorf("No supported authentication mechanism") )
Functions ¶
func BidiCopy ¶ added in v1.7.0
func BidiCopy(conn1, conn2 io.ReadWriteCloser, isClient bool) error
BidiCopy does bi-directional data copy.
func BidiCopyUDP ¶ added in v1.7.0
func BidiCopyUDP(udpConn *net.UDPConn, tunnelConn *UDPAssociateTunnelConn) error
BidiCopyUDP does bi-directional data copy between a proxy client UDP endpoint and the proxy tunnel.
Types ¶
type AddrSpec ¶
AddrSpec is used to return the target AddrSpec which may be specified as IPv4, IPv6, or a FQDN.
type AuthContext ¶
type AuthContext struct {
// Provided auth method
Method uint8
// Payload provided during negotiation.
// Keys depend on the used auth method.
// For UserPassauth contains Username
Payload map[string]string
}
A Request encapsulates authentication state provided during negotiation
type Authenticator ¶
type Authenticator interface {
Authenticate(conn io.ReadWriter) (*AuthContext, error)
GetCode() uint8
}
type Config ¶
type Config struct {
// AuthMethods can be provided to implement custom authentication
// By default, "auth-less" mode is enabled.
// For password-based auth use UserPassAuthenticator.
AuthMethods []Authenticator
// If provided, username/password authentication is enabled,
// by appending a UserPassAuthenticator to AuthMethods. If not provided,
// and AUthMethods is nil, then "auth-less" mode is enabled.
Credentials CredentialStore
// Resolver can be provided to do custom name resolution.
// Defaults to DNSResolver if not provided.
Resolver NameResolver
// BindIP is used for bind or udp associate
BindIP net.IP
// Allow using socks5 to access resources served in localhost.
AllowLocalDestination bool
// Use mieru proxy to carry socks5 traffic.
UseProxy bool
// Mieru proxy configuration.
ProxyConf []ProxyConfig
}
Config is used to setup and configure a socks5 server.
type CredentialStore ¶
CredentialStore is used to support user/pass authentication
type NameResolver ¶
type NameResolver interface {
Resolve(ctx context.Context, name string) (context.Context, net.IP, error)
}
NameResolver is used to implement custom name resolution
type NoAuthAuthenticator ¶
type NoAuthAuthenticator struct{}
NoAuthAuthenticator is used to handle the "No Authentication" mode
func (NoAuthAuthenticator) Authenticate ¶
func (a NoAuthAuthenticator) Authenticate(conn io.ReadWriter) (*AuthContext, error)
func (NoAuthAuthenticator) GetCode ¶
func (a NoAuthAuthenticator) GetCode() uint8
type ProxyConfig ¶ added in v1.3.0
type ProxyConfig struct {
// NetworkType ("tcp", "udp", etc.) used when dial to the proxy.
NetworkType string
// Address is proxy server listening address, in host:port format.
Address string
// Password is used to derive the cipher block used for encryption.
Password []byte
// Dial is the function to dial to the proxy server.
Dial func(ctx context.Context, proxyNetwork, localAddr, proxyAddr string, block cipher.BlockCipher) (net.Conn, error)
}
ProxyConfig is used to configure mieru proxy options.
type Request ¶
type Request struct {
// Protocol version.
Version uint8
// Requested command.
Command uint8
// AuthContext provided during negotiation.
AuthContext *AuthContext
// AddrSpec of the the network that sent the request.
RemoteAddr *AddrSpec
// AddrSpec of the desired destination.
DestAddr *AddrSpec
}
A Request represents request received by a server.
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is reponsible for accepting connections and handling the details of the SOCKS5 protocol
func (*Server) ListenAndServe ¶
ListenAndServe is used to create a listener and serve on it.
type ServerGroup ¶ added in v1.3.0
type ServerGroup struct {
// contains filtered or unexported fields
}
ServerGroup is a collection of socks5 servers that share the same lifecycle.
func (*ServerGroup) Add ¶ added in v1.3.0
func (g *ServerGroup) Add(underlayProtocol string, port int, s *Server) error
Add adds a socks5 server into the ServerGroup.
func (*ServerGroup) CloseAndRemoveAll ¶ added in v1.3.0
func (g *ServerGroup) CloseAndRemoveAll() error
CloseAndRemoveAll closes all the socks5 servers and clear the group.
func (*ServerGroup) IsEmpty ¶ added in v1.3.0
func (g *ServerGroup) IsEmpty() bool
IsEmpty returns true if the group has no socks5 server.
type StaticCredentials ¶
StaticCredentials enables using a map directly as a credential store
func (StaticCredentials) Valid ¶
func (s StaticCredentials) Valid(user, password string) bool
type UDPAssociateTunnelConn ¶ added in v1.7.0
type UDPAssociateTunnelConn struct {
io.ReadWriteCloser
}
UDPAssociateTunnelConn keeps the boundary of UDP packets when transmitted inside the proxy tunnel, which is typically a streaming pipe.
Each original UDP packet will be wrapped like this
0x00 + 2 bytes of original length + original content + 0xff
the length is encoded with little endian.
func WrapUDPAssociateTunnel ¶ added in v1.7.0
func WrapUDPAssociateTunnel(conn io.ReadWriteCloser) *UDPAssociateTunnelConn
WrapUDPAssociateTunnel wraps an existing connection with UDPAssociateTunnelConn.
func (*UDPAssociateTunnelConn) Close ¶ added in v1.7.0
func (c *UDPAssociateTunnelConn) Close() error
type UserPassAuthenticator ¶
type UserPassAuthenticator struct {
Credentials CredentialStore
}
UserPassAuthenticator is used to handle username/password based authentication
func (UserPassAuthenticator) Authenticate ¶
func (a UserPassAuthenticator) Authenticate(conn io.ReadWriter) (*AuthContext, error)
func (UserPassAuthenticator) GetCode ¶
func (a UserPassAuthenticator) GetCode() uint8
Source Files