Documentation
Index ¶
- Constants
- Variables
- func GetInterfaceIpv4Addr(interfaceName string) (addr net.IP)
- type AddrSpec
- type AddressRewriter
- type AuthContext
- type Authenticator
- type Config
- type CredentialStore
- type DNSResolver
- type ErrorLogger
- type NameResolver
- type NoAuthAuthenticator
- type PermitCommand
- type Request
- type RuleSet
- type Server
- type StaticCredentials
- type UserPassAuthenticator
Constants ¶
// SOCKS5 authentication method codes, as exchanged during method negotiation.
const (
	// AuthMethodNoAuth is X'00': NO AUTHENTICATION REQUIRED.
	// A server that selects this method performs no client authentication.
	AuthMethodNoAuth uint8 = 0x00
	// AuthMethodUserPass is X'02': USERNAME/PASSWORD.
	AuthMethodUserPass uint8 = 0x02
	// AuthMethodNoAcceptable is X'FF': NO ACCEPTABLE METHODS.
	AuthMethodNoAcceptable uint8 = 0xFF
)
AuthMethods
// Constants of the username/password subnegotiation.
const (
	// AuthUserPassVersion is the VER field of the subnegotiation; the
	// current version is X'01'.
	AuthUserPassVersion uint8 = 0x01
	// AuthUserPassStatusSuccess is the STATUS value X'00', which indicates
	// success.
	AuthUserPassStatusSuccess uint8 = 0x00
	// AuthUserPassStatusFailure is the STATUS value this package uses for
	// failure. Any STATUS other than X'00' is a failure, after which the
	// server MUST close the connection, so a peer should test for
	// "!= AuthUserPassStatusSuccess" rather than "== AuthUserPassStatusFailure".
	AuthUserPassStatusFailure uint8 = 0x01
)
// Values of the CMD field of a SOCKS5 request.
const (
	// CommandConnect is CMD CONNECT, X'01'.
	CommandConnect uint8 = 0x01
	// CommandBind is CMD BIND, X'02'. The BIND request is used in protocols
	// which require the client to accept connections from the server.
	CommandBind uint8 = 0x02
	// CommandAssociate is CMD UDP ASSOCIATE, X'03'. The UDP ASSOCIATE
	// request is used to establish an association within the UDP relay
	// process to handle UDP datagrams.
	CommandAssociate uint8 = 0x03
)
CMD declaration
// Values of the ATYP field, which names the type of the address that follows.
const (
	// AddressIPv4 is an IP V4 address: X'01'.
	AddressIPv4 uint8 = 0x01
	// AddressDomainName is a DOMAINNAME: X'03'.
	AddressDomainName uint8 = 0x03
	// AddressIPv6 is an IP V6 address: X'04'.
	AddressIPv6 uint8 = 0x04
)
ATYP address type of following address declaration
// Values of the REP field of a SOCKS5 reply. The values are spelled out
// explicitly so that each one can be checked against its X'..' code.
const (
	// ReplySucceeded is X'00': succeeded.
	ReplySucceeded uint8 = 0x00
	// ReplyServerFailure is X'01': general SOCKS server failure.
	ReplyServerFailure uint8 = 0x01
	// ReplyRuleFailure is X'02': connection not allowed by ruleset.
	ReplyRuleFailure uint8 = 0x02
	// ReplyNetworkUnreachable is X'03': Network unreachable.
	ReplyNetworkUnreachable uint8 = 0x03
	// ReplyHostUnreachable is X'04': Host unreachable.
	ReplyHostUnreachable uint8 = 0x04
	// ReplyConnectionRefused is X'05': Connection refused.
	ReplyConnectionRefused uint8 = 0x05
	// ReplyTTLExpired is X'06': TTL expired.
	ReplyTTLExpired uint8 = 0x06
	// ReplyCommandNotSupported is X'07': Command not supported.
	ReplyCommandNotSupported uint8 = 0x07
	// ReplyAddrTypeNotSupported is X'08': Address type not supported.
	ReplyAddrTypeNotSupported uint8 = 0x08
)
REP field declaration
Variables ¶
// ErrUserAuthFailed reports that user authentication failed.
var ErrUserAuthFailed = fmt.Errorf("user authentication failed")

// ErrNoSupportedAuth reports that no supported authentication mechanism
// was available.
var ErrNoSupportedAuth = fmt.Errorf("no supported authentication mechanism")
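// ErrUDPFragmentNoSupported reports that UDP fragments are not supported.
//
// The message must not be empty: an error created with errors.New("")
// prints as a blank string, so a rejected fragmented datagram would leave
// no usable trace in logs. Callers that compare against this sentinel
// (== or errors.Is) are unaffected by the message text.
var ErrUDPFragmentNoSupported = errors.New("udp fragments not supported")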
ErrUDPFragmentNoSupported UDP fragments not supported error
Functions ¶
func GetInterfaceIpv4Addr ¶
Types ¶
type AddrSpec ¶
AddrSpec is used to return the target AddrSpec which may be specified as IPv4, IPv6, or a FQDN
type AddressRewriter ¶
// AddressRewriter is used to rewrite a destination transparently.
type AddressRewriter interface {
	// Rewrite takes the request and returns a context together with an
	// AddrSpec.
	// NOTE(review): Config documents that the rewriter is invoked before
	// the RuleSet; confirm whether rules then evaluate the original or the
	// rewritten destination, since that decides what a rule can filter on.
	Rewrite(ctx context.Context, request *Request) (context.Context, *AddrSpec)
}
AddressRewriter is used to rewrite a destination transparently
type AuthContext ¶
// AuthContext encapsulates authentication state provided during negotiation.
type AuthContext struct {
	// Method is the provided auth method.
	Method uint8
	// Payload provided during negotiation.
	// Keys depend on the used auth method.
	// For UserPassAuth contains Username.
	// NOTE(review): these values presumably originate from the client;
	// treat them as untrusted when logging or using them in rules — confirm.
	Payload map[string]string
}
AuthContext encapsulates authentication state provided during negotiation
type Authenticator ¶
// Authenticator is implemented by each authentication method the server
// can offer.
type Authenticator interface {
	// Authenticate is given a reader and a writer and returns the
	// resulting AuthContext, or an error.
	// NOTE(review): presumably reader/writer are the two directions of the
	// client connection — confirm against the caller.
	Authenticate(reader io.Reader, writer io.Writer) (*AuthContext, error)
	// GetCode returns a uint8.
	// NOTE(review): presumably the method code (one of the AuthMethod*
	// constants) this authenticator handles — confirm.
	GetCode() uint8
}
Authenticator is the interface implemented by each authentication method the server can offer
type Config ¶
// Config is used to set up and configure a Server.
//
// With the defaults documented on the fields below (no AuthMethods, no
// Credentials, no Rules) the server runs in "auth-less" mode and PermitAll
// is used. Set Credentials or AuthMethods, and a restrictive Rules, before
// exposing the listener beyond a trusted network.
type Config struct {
	// AuthMethods can be provided to implement custom authentication.
	// By default, "auth-less" mode is enabled.
	// For password-based auth use UserPassAuthenticator.
	AuthMethods []Authenticator
	// If provided, username/password authentication is enabled,
	// by appending a UserPassAuthenticator to AuthMethods. If not provided,
	// and AuthMethods is nil, then "auth-less" mode is enabled.
	Credentials CredentialStore
	// Resolver can be provided to do custom name resolution.
	// Defaults to DNSResolver if not provided.
	Resolver NameResolver
	// Rules is provided to enable custom logic around permitting
	// various commands. If not provided, PermitAll is used.
	Rules RuleSet
	// Rewriter can be used to transparently rewrite addresses.
	// This is invoked before the RuleSet is invoked.
	// Defaults to NoRewrite.
	Rewriter AddressRewriter
	// BindIP is used for bind or udp associate.
	BindIP net.IP
	// BindPort is used for bind or udp associate.
	BindPort int
	// Logger can be used to provide a custom log target.
	// Defaults to stdout.
	Logger ErrorLogger
	// Bandwidth is the rate limiter configuration.
	Bandwidth bandwidth.ListenerConfig
	// Dial is an optional function for dialing out.
	Dial func(ctx context.Context, network, addr string) (net.Conn, error)
	// HandleConnect is an optional function for handling SOCKS connect requests.
	// NOTE(review): this declaration does not show whether Rules are still
	// evaluated when HandleConnect is set — confirm before relying on the
	// RuleSet to gate a custom handler.
	HandleConnect func(ctx context.Context, conn net.Conn, req *Request, replySuccess func(boundAddr net.Addr) error, replyError func(err error) error) error
}
Config is used to set up and configure a Server
type CredentialStore ¶
CredentialStore is used to support user/pass authentication
type ErrorLogger ¶
// ErrorLogger is the error log target; its single method has the same
// signature as the standard logger's Printf.
type ErrorLogger interface {
	// Printf takes a format string and its arguments.
	Printf(format string, v ...interface{})
}
ErrorLogger error handler, compatible with std logger
type NameResolver ¶
// NameResolver is used to implement custom name resolution.
type NameResolver interface {
	// Resolve takes a name and returns a context, an IP and an error.
	// NOTE(review): presumably the returned IP is the address that is
	// dialed; destination filtering should then be checked against the
	// resolved IP and not only the requested name — confirm.
	Resolve(ctx context.Context, name string) (context.Context, net.IP, error)
}
NameResolver is used to implement custom name resolution
type NoAuthAuthenticator ¶
// NoAuthAuthenticator is used to handle the "No Authentication" mode.
// It has no fields.
type NoAuthAuthenticator struct{}
NoAuthAuthenticator is used to handle the "No Authentication" mode
func (NoAuthAuthenticator) Authenticate ¶
func (a NoAuthAuthenticator) Authenticate(reader io.Reader, writer io.Writer) (*AuthContext, error)
Authenticate implementation of Authenticator
func (NoAuthAuthenticator) GetCode ¶
func (a NoAuthAuthenticator) GetCode() uint8
GetCode implementation of Authenticator
type PermitCommand ¶
PermitCommand is an implementation of the RuleSet which enables filtering supported commands
type Request ¶
// A Request represents a request received by a server.
type Request struct {
	// Protocol version
	Version uint8
	// Requested command
	Command uint8
	// AuthContext provided during negotiation
	AuthContext *AuthContext
	// AddrSpec of the network that sent the request
	RemoteAddr *AddrSpec
	// AddrSpec of the desired destination
	DestAddr *AddrSpec
	// NOTE(review): BufConn is undocumented here; presumably a reader over
	// the client connection — confirm.
	BufConn io.Reader
	// contains filtered or unexported fields
}
A Request represents a request received by a server
type RuleSet ¶
RuleSet is used to provide custom rules to allow or prohibit actions
func PermitAll ¶
func PermitAll() RuleSet
PermitAll returns a RuleSet which allows all types of connections
func PermitNone ¶
func PermitNone() RuleSet
PermitNone returns a RuleSet which disallows all types of connections
type Server ¶
// Server is responsible for accepting connections and handling the details
// of the SOCKS5 protocol.
type Server struct {
	// contains filtered or unexported fields
}
Server is responsible for accepting connections and handling the details of the SOCKS5 protocol
func (*Server) ListenAndServe ¶
ListenAndServe is used to create a listener and serve on it
type StaticCredentials ¶
StaticCredentials enables using a map directly as a credential store
func (StaticCredentials) Valid ¶
func (s StaticCredentials) Valid(user, password string) bool
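Valid reports whether the given user/password pair is accepted by the store. The comparison itself is not shown on this page; a custom CredentialStore should compare secrets in constant time (for example with crypto/subtle.ConstantTimeCompare).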
type UserPassAuthenticator ¶
// UserPassAuthenticator is used to handle username/password based
// authentication.
type UserPassAuthenticator struct {
	// Credentials is the store of type CredentialStore held by this
	// authenticator.
	// NOTE(review): presumably consulted to validate the client-supplied
	// username and password; behaviour with a nil store is not shown —
	// confirm.
	Credentials CredentialStore
}
UserPassAuthenticator is used to handle username/password based authentication
func (UserPassAuthenticator) Authenticate ¶
func (a UserPassAuthenticator) Authenticate(reader io.Reader, writer io.Writer) (*AuthContext, error)
Authenticate implementation of Authenticator
func (UserPassAuthenticator) GetCode ¶
func (a UserPassAuthenticator) GetCode() uint8
GetCode implementation of Authenticator