Documentation
Overview ¶
Package socks5 implements a SOCKS5 client/server. For more information see RFC 1928 and RFC 1929.
Notes:
- GSSAPI authentication is NOT supported.
- The authentication provided by the client is always accepted: credentials are not verified, so the authentication step does not restrict who may use the proxy.
- A lot of the code is shamelessly stolen from obfs4proxy.
Index ¶
- Constants
- Variables
- func DbusProcDeathCB(pid int, param interface{})
- func GetFilterScopeString(scope FilterScope) string
- func GetRealRoot(pathname string, pid int) string
- func ListProxies() ([]string, error)
- func LookupSandboxProc(srcip net.IP, srcp uint16, dstip net.IP, dstp uint16, proto string, ...) (*procsnitch.Info, string)
- func Main()
- func NewSocksChain(cfg *socksChainConfig, wg *sync.WaitGroup, fw *Firewall) *socksChain
- func OzReceiver(fw *Firewall)
- func ReceiverLoop(fw *Firewall, c net.Conn)
- func TLSGuard(conn, conn2 net.Conn, fqdn string) error
- type Address
- type AuthInfo
- type Command
- type DbusRule
- type DesktopEntry
- type FilterResult
- type FilterScope
- type Firewall
- type FirewallConfigs
- type ListProxiesMsg
- type ListProxiesResp
- type ListSandboxesMsg
- type ListSandboxesResp
- type OzInitProc
- type Policy
- type ReplyCode
- type Request
- type Rule
- type RuleAction
- type RuleList
- type RuleMode
- type SandboxInfo
- type SocksJsonConfig
Constants ¶
// Static placeholder strings.
const (
	// Presumably substituted for values hidden when LogRedact is set; confirm against callers.
	STR_REDACTED = "[redacted]"
	// NOTE(review): the literal is spelled "[uknown]" (no first "n"). It is a runtime string,
	// so anything matching on it depends on this exact spelling.
	STR_UNKNOWN = "[uknown]"
)
Static strings for various usage
// MAX_PROMPTS is a fixed limit of 3; what it bounds is not shown on this page
// (presumably pending user prompts; confirm).
const MAX_PROMPTS = 3

// OzSocketName names the Oz control socket. A leading "@" is the usual notation
// for a Linux abstract-namespace Unix socket, which carries no filesystem
// permissions. NOTE(review): confirm how peers on this socket are authenticated.
const OzSocketName = "@oz-control"

// ReceiverSocketPath is a filesystem path under /var/run/fw-daemon. Presumably it
// is the Unix socket served by OzReceiver/ReceiverLoop, in which case access
// depends on the permissions of the socket file and its directory; confirm.
const ReceiverSocketPath = "/var/run/fw-daemon/fwoz.sock"
Variables ¶
// DoMultiPrompt is an exported, mutable package-level flag that defaults to true.
// Its consumers are not shown on this page.
var DoMultiPrompt = true
// FilterResultString maps each FilterResult ID to its display string.
// Indexing with an ID that is not listed returns "" (the map's zero value).
var FilterResultString = map[FilterResult]string{
	FILTER_DENY:          "DENY",
	FILTER_ALLOW:         "ALLOW",
	FILTER_PROMPT:        "PROMPT",
	FILTER_ALLOW_TLSONLY: "ALLOW_TLSONLY",
}
FilterResultString converts a filter value ID to its string
// FilterResultValue is the inverse of FilterResultString. Its keys are taken from
// FilterResultString, so the two tables cannot drift apart.
// Indexing with an unknown string returns the zero value, which is FILTER_DENY
// (iota 0); use the two-value form `v, ok := FilterResultValue[s]` to tell a
// real "DENY" from an unrecognised string.
var FilterResultValue = map[string]FilterResult{
	FilterResultString[FILTER_DENY]:          FILTER_DENY,
	FilterResultString[FILTER_ALLOW]:         FILTER_ALLOW,
	FilterResultString[FILTER_PROMPT]:        FILTER_PROMPT,
	FilterResultString[FILTER_ALLOW_TLSONLY]: FILTER_ALLOW_TLSONLY,
}
FilterResultValue converts a filter value string to its ID
// FilterScopeString maps each FilterScope ID to its display string.
// Indexing with an ID that is not listed returns "" (the map's zero value).
var FilterScopeString = map[FilterScope]string{
	APPLY_ONCE:    "ONCE",
	APPLY_SESSION: "SESSION",
	APPLY_PROCESS: "PROCESS",
	APPLY_FOREVER: "FOREVER",
}
FilterScopeString converts a filter scope ID to its string
// FilterScopeValue is the inverse of FilterScopeString. Its keys are taken from
// FilterScopeString, so the two tables cannot drift apart.
// Indexing with an unknown string returns the zero value, which is APPLY_ONCE
// (iota 0); use the two-value form to detect a missing key.
var FilterScopeValue = map[string]FilterScope{
	FilterScopeString[APPLY_ONCE]:    APPLY_ONCE,
	FilterScopeString[APPLY_SESSION]: APPLY_SESSION,
	FilterScopeString[APPLY_PROCESS]: APPLY_PROCESS,
	FilterScopeString[APPLY_FOREVER]: APPLY_FOREVER,
}
FilterScopeValue converts a filter scope string to its ID
// IDToLevel is the inverse of LevelToID: it maps a log level name to its
// numeric ID. It is built once, at package initialisation, by walking LevelToID.
var IDToLevel = func() map[string]int32 {
	inverse := make(map[string]int32)
	for id, name := range LevelToID {
		inverse[name] = id
	}
	return inverse
}()
Log level string conversion
// LevelToID maps a logging level, converted to int32, to its lower-case name.
// Indexing with a level that is not listed returns "" (the map's zero value).
var LevelToID = map[int32]string{
	int32(logging.ERROR):   "error",
	int32(logging.WARNING): "warning",
	int32(logging.NOTICE):  "notice",
	int32(logging.INFO):    "info",
	int32(logging.DEBUG):   "debug",
}
Log level conversion map
// OzInitPids is an exported package-level slice of OzInitProc entries.
// It starts out empty but non-nil.
var OzInitPids = []OzInitProc{}
// RuleActionString maps each RuleAction ID to its display string.
// Indexing with an ID that is not listed returns "" (the map's zero value).
var RuleActionString = map[RuleAction]string{
	RULE_ACTION_DENY:          "DENY",
	RULE_ACTION_ALLOW:         "ALLOW",
	RULE_ACTION_ALLOW_TLSONLY: "ALLOW_TLSONLY",
}
RuleActionString is used to get a string from an action id
// RuleActionValue is the inverse of RuleActionString. Its keys are taken from
// RuleActionString, so the two tables cannot drift apart.
// Indexing with an unknown string returns the zero value, which is
// RULE_ACTION_DENY (iota 0); use the two-value form to tell a real "DENY" from
// an unrecognised string.
var RuleActionValue = map[string]RuleAction{
	RuleActionString[RULE_ACTION_DENY]:          RULE_ACTION_DENY,
	RuleActionString[RULE_ACTION_ALLOW]:         RULE_ACTION_ALLOW,
	RuleActionString[RULE_ACTION_ALLOW_TLSONLY]: RULE_ACTION_ALLOW_TLSONLY,
}
RuleActionValue is used to get an action id using the action string
// RuleModeString maps each RuleMode ID to its display string.
// Indexing with an ID that is not listed returns "" (the map's zero value).
var RuleModeString = map[RuleMode]string{
	RULE_MODE_SESSION:   "SESSION",
	RULE_MODE_PROCESS:   "PROCESS",
	RULE_MODE_PERMANENT: "PERMANENT",
	RULE_MODE_SYSTEM:    "SYSTEM",
}
RuleModeString is used to get a rule mode string from its id
// RuleModeValue is the inverse of RuleModeString. Its keys are taken from
// RuleModeString, so the two tables cannot drift apart.
// Indexing with an unknown string returns the zero RuleMode. The RuleMode
// constants are not shown on this page, so which mode that is needs confirming;
// use the two-value form to detect a missing key.
var RuleModeValue = map[string]RuleMode{
	RuleModeString[RULE_MODE_SESSION]:   RULE_MODE_SESSION,
	RuleModeString[RULE_MODE_PROCESS]:   RULE_MODE_PROCESS,
	RuleModeString[RULE_MODE_PERMANENT]: RULE_MODE_PERMANENT,
	RuleModeString[RULE_MODE_SYSTEM]:    RULE_MODE_SYSTEM,
}
RuleModeValue converts a mode string to its id
Functions ¶
func DbusProcDeathCB ¶ added in v0.0.7
func DbusProcDeathCB(pid int, param interface{})
func GetFilterScopeString ¶
func GetFilterScopeString(scope FilterScope) string
GetFilterScopeString is used to safely return a filter scope string
func GetRealRoot ¶ added in v0.0.7
func ListProxies ¶ added in v0.0.7
func LookupSandboxProc ¶ added in v0.0.7
func LookupSandboxProc(srcip net.IP, srcp uint16, dstip net.IP, dstp uint16, proto string, strictness, icode int) (*procsnitch.Info, string)
XXX: This is redundant code.... it should be called by findProcessForPacket()
func NewSocksChain ¶ added in v0.0.7
func OzReceiver ¶ added in v0.0.7
func OzReceiver(fw *Firewall)
func ReceiverLoop ¶ added in v0.0.7
Types ¶
type Address ¶ added in v0.0.7
type Address struct {
// contains filtered or unexported fields
}
Address is a SOCKS 5 address + port.
func Redispatch ¶ added in v0.0.7
func Redispatch(proxyNet, proxyAddr string, req *Request) (conn net.Conn, bndAddr *Address, err error)
Redispatch dials the provided proxy and redispatches an existing request.
func (*Address) FromString ¶ added in v0.0.7
FromString parses the provided "host:port" format address and populates the Address fields.
func (*Address) HostPort ¶ added in v0.0.7
HostPort returns the string representation of the address, split into the host and port components.
type DbusRule ¶
// DbusRule is the flat, exported-field form of a rule as passed over the D-Bus
// interface. Every field is a plain integer or string, so nothing here is
// validated by the type system.
type DbusRule struct {
	ID     uint32
	Net    string
	Origin string
	Proto  string
	Pid    uint32
	Privs  string
	App    string
	Path   string
	Verb   uint16 // presumably a RuleAction value (also uint16); confirm
	Target string
	Mode   uint16 // presumably a RuleMode value (also uint16); confirm
	Sandbox string
}
DbusRule struct of the rule passed to the dbus interface
type DesktopEntry ¶
type DesktopEntry struct {
// contains filtered or unexported fields
}
type FilterResult ¶
type FilterResult uint16
FilterResult contains the filtering resulting action
// FilterResult values. iota starts at 0, so the zero value of FilterResult is
// FILTER_DENY: an uninitialised or failed-lookup result reads as a deny.
// The IDs are positional; inserting or reordering entries changes them.
const (
	FILTER_DENY FilterResult = iota
	FILTER_ALLOW
	FILTER_PROMPT
	FILTER_ALLOW_TLSONLY
)
type FilterScope ¶
type FilterScope uint16
FilterScope contains a filter's time scope
// FilterScope values. iota starts at 0, so the zero value of FilterScope is
// APPLY_ONCE. The IDs are positional; inserting or reordering entries changes them.
const (
	APPLY_ONCE FilterScope = iota
	APPLY_SESSION
	APPLY_PROCESS
	APPLY_FOREVER
)
func GetFilterScopeValue ¶
func GetFilterScopeValue(scope string) FilterScope
GetFilterScopeValue is used to safely return a filter scope ID
type Firewall ¶
type Firewall struct {
// contains filtered or unexported fields
}
func (*Firewall) PolicyForPath ¶
type FirewallConfigs ¶
// FirewallConfigs holds the firewall's global settings. Fields tagged `toml:"-"`
// are excluded from the TOML mapping; presumably they are derived from their
// string counterparts after the file is loaded (confirm).
type FirewallConfigs struct {
	LogLevel       string
	LoggingLevel   logging.Level `toml:"-"`
	LogRedact      bool
	PromptExpanded bool
	PromptExpert   bool
	DefaultAction  string
	// NOTE(review): the name says "action" but the type is FilterScope, not
	// FilterResult. Both are uint16 with overlapping numeric ranges, so a mix-up
	// would compile; confirm which table DefaultAction is resolved against.
	DefaultActionID FilterScope `toml:"-"`
}

// FirewallConfig is the exported, mutable package-level configuration instance.
var FirewallConfig FirewallConfigs
type ListProxiesMsg ¶ added in v0.0.7
type ListProxiesMsg struct {
// contains filtered or unexported fields
}
type ListProxiesResp ¶ added in v0.0.7
// ListProxiesResp is the reply carrying the list of proxies as strings.
type ListProxiesResp struct {
	// The tag is a bare string rather than the conventional key:"value" form, so
	// reflect.StructTag.Get cannot read it. Presumably the IPC layer reads the
	// whole tag as the message name; confirm.
	Proxies []string "ListProxiesResp"
}
type ListSandboxesMsg ¶ added in v0.0.7
type ListSandboxesMsg struct {
// contains filtered or unexported fields
}
type ListSandboxesResp ¶ added in v0.0.7
// ListSandboxesResp is the reply carrying the list of sandboxes.
type ListSandboxesResp struct {
	// The tag is a bare string rather than the conventional key:"value" form, so
	// reflect.StructTag.Get cannot read it. Presumably the IPC layer reads the
	// whole tag as the message name; confirm.
	Sandboxes []SandboxInfo "ListSandboxesResp"
}
type OzInitProc ¶ added in v0.0.7
type ReplyCode ¶ added in v0.0.7
type ReplyCode byte
ReplyCode is a SOCKS 5 reply code.
// SOCKS 5 reply codes. iota starts at 0, so the constants take the values 0-8 in
// the order of the REP field in RFC 1928.
// Note that the zero value of ReplyCode is ReplySucceeded: a ReplyCode that was
// never assigned reads as success, so error paths must set it explicitly.
const (
	ReplySucceeded ReplyCode = iota
	ReplyGeneralFailure
	ReplyConnectionNotAllowed
	ReplyNetworkUnreachable
	ReplyHostUnreachable
	ReplyConnectionRefused
	ReplyTTLExpired
	ReplyCommandNotSupported
	ReplyAddressNotSupported
)
The various SOCKS 5 reply codes from RFC 1928.
func ErrorToReplyCode ¶ added in v0.0.7
ErrorToReplyCode converts an error to the "best" reply code.
type Request ¶ added in v0.0.7
// Request describes a SOCKS 5 request.
type Request struct {
	// Auth holds the authentication data associated with the request. The package
	// notes state that client authentication is always accepted, so this must not
	// be treated as a verified identity.
	Auth AuthInfo
	Cmd  Command
	Addr Address
	// contains filtered or unexported fields
}
Request describes a SOCKS 5 request.
func Handshake ¶ added in v0.0.7
Handshake attempts to handle an incoming client handshake over the provided connection and receive the SOCKS5 request. The routine handles sending appropriate errors if applicable, but will not close the connection; closing it is left to the caller.
type Rule ¶
type Rule struct {
// contains filtered or unexported fields
}
func (*Rule) AddrString ¶
type RuleAction ¶
type RuleAction uint16
RuleAction is the action to apply to a rule
// RuleAction values. iota starts at 0, so the zero value of RuleAction is
// RULE_ACTION_DENY: an uninitialised or failed-lookup action reads as a deny.
// The IDs are positional; inserting or reordering entries changes them.
const (
	RULE_ACTION_DENY RuleAction = iota
	RULE_ACTION_ALLOW
	RULE_ACTION_ALLOW_TLSONLY
)