Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Socks4Matcher ¶
type Socks4Matcher struct {
// Only match on these commands. Default: ["CONNECT", "BIND"]
Commands []string `json:"commands,omitempty"`
// Only match on requests to one of these destination networks (IP or CIDR). Default: all networks.
Networks []string `json:"networks,omitempty"`
// Only match on requests to one of these destination ports. Default: all ports.
Ports []uint16 `json:"ports,omitempty"`
// contains filtered or unexported fields
}
Socks4Matcher matches SOCKSv4 connections according to https://www.openssh.com/txt/socks4.protocol. Since the SOCKSv4 header is very short it could produce a lot of false positives. To improve the matching use Commands, Ports and Networks to specify to which destinations you expect clients to connect to. By default, CONNECT & BIND commands are matched with any destination ip and port.
func (*Socks4Matcher) CaddyModule ¶
func (*Socks4Matcher) CaddyModule() caddy.ModuleInfo
func (*Socks4Matcher) Match ¶
func (m *Socks4Matcher) Match(cx *layer4.Connection) (bool, error)
Match returns true if the connection looks like it is using the SOCKSv4 protocol.
func (*Socks4Matcher) Provision ¶
func (m *Socks4Matcher) Provision(_ caddy.Context) error
func (*Socks4Matcher) UnmarshalCaddyfile ¶
func (m *Socks4Matcher) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
UnmarshalCaddyfile sets up the Socks4Matcher from Caddyfile tokens. Syntax:
socks4 {
commands <commands...>
networks <ranges...>
ports <ports...>
}
socks4
type Socks5Handler ¶
type Socks5Handler struct {
// Controls which socks5 methods are allowed. Possible values CONNECT, ASSOCIATE, BIND. Default: ["CONNECT", "ASSOCIATE"].
Commands []string `json:"commands,omitempty"`
// IP address used for bind during BIND or UDP ASSOCIATE.
BindIP string `json:"bind_ip,omitempty"`
// Map of username:password to active authentication. Default: no authentication.
Credentials map[string]string `json:"credentials,omitempty"`
// contains filtered or unexported fields
}
Socks5Handler is a connection handler that terminates SOCKSv5 connection.
func (*Socks5Handler) CaddyModule ¶
func (*Socks5Handler) CaddyModule() caddy.ModuleInfo
func (*Socks5Handler) Handle ¶
func (h *Socks5Handler) Handle(cx *layer4.Connection, _ layer4.Handler) error
Handle handles the SOCKSv5 connection.
func (*Socks5Handler) Provision ¶
func (h *Socks5Handler) Provision(ctx caddy.Context) error
func (*Socks5Handler) UnmarshalCaddyfile ¶
func (h *Socks5Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
UnmarshalCaddyfile sets up the Socks5Handler from Caddyfile tokens. Syntax:
socks5 {
bind_ip <address>
commands <values...>
credentials <username> <password> [<username> <password>]
}
Note: multiple commands and credentials options are supported, but bind_ip option can only be provided once. Only plain text passwords are currently supported.
type Socks5Matcher ¶
type Socks5Matcher struct {
AuthMethods []uint16 `json:"auth_methods,omitempty"`
}
Socks5Matcher matches SOCKSv5 connections according to RFC 1928 (https://www.rfc-editor.org/rfc/rfc1928.html). Since the SOCKSv5 header is very short it could produce a lot of false positives, use AuthMethods to exactly specify which METHODS you expect your clients to send. By default, only the most common methods are matched NO AUTH, GSSAPI & USERNAME/PASSWORD.
func (*Socks5Matcher) CaddyModule ¶
func (*Socks5Matcher) CaddyModule() caddy.ModuleInfo
func (*Socks5Matcher) Match ¶
func (m *Socks5Matcher) Match(cx *layer4.Connection) (bool, error)
Match returns true if the connection looks like it is using the SOCKSv5 protocol.
func (*Socks5Matcher) Provision ¶
func (m *Socks5Matcher) Provision(_ caddy.Context) error
func (*Socks5Matcher) UnmarshalCaddyfile ¶
func (m *Socks5Matcher) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
UnmarshalCaddyfile sets up the Socks5Matcher from Caddyfile tokens. Syntax:
socks5 {
auth_methods <auth_methods...>
}
socks5
Source Files