socks_proxy

This server provides socks proxy, which support tcp connect and udp associate.

The following common keys are supported:

• escaper

• auditor

• user_group

• shared_logger

• listen_in_worker

• tcp_sock_speed_limit

• udp_sock_speed_limit

• ingress_network_filter

• dst_host_filter_set

• dst_port_filter

• tcp_copy_buffer_size

• tcp_copy_yield_size

• udp_relay_packet_size

• udp_relay_yield_size

• udp_relay_batch_size

• tcp_misc_opts

• udp_misc_opts

• task_idle_check_interval

• task_idle_max_count

• flush_task_log_on_created

• flush_task_log_on_connected

• task_log_flush_interval

• extra_metrics_tags

The auth type supported by the server is determined by the type of the specified user group.

auth scheme	user group type	is supported
user	hashed_user	yes
gssapi	gss_api	not yet

listen

optional, type: tcp listen

Set the listen config for this server.

The instance count setting will be ignored if listen_in_worker is correctly enabled.

default: not set

Added in version 1.7.20: change listen config to be optional

use_udp_associate

optional, type: bool, alias: enable_udp_associate

Set whether we should use udp associate instead of udp connect.

default: false

username_params

optional, type: username_params

Allow to extract egress path info from username params.

default: not set

Added in version 1.13.0.

negotiation_timeout

optional, type: humanize duration

Set the max time duration for negotiation, before we start to handle the real socks commands.

default: 4s

udp_client_initial_timeout

optional, type: humanize duration

Set the max time duration to wait before the first udp packet after we send back the udp port info.

default: 30s

udp_bind_ipv4

optional, type: list of ipv4 addr str

Set the ipv4 addresses for udp associate local binding to socks client. If not set, the server ip for the tcp connection will be used when setup the udp listen socket.

If set, the tcp connect can be in ipv6 address family.

default: not set

udp_bind_ipv6

optional, type: list of ipv6 addr str

Set the ipv6 addresses for udp associate local binding to socks client. If not set, the server ip for the tcp connection will be used when setup the udp listen socket.

If set, the tcp connect can be in ipv4 address family.

default: not set

udp_bind_port_range

optional, type: port range

Set the UDP port-range for udp associate local binding to socks client. If not set, the port will be selected by the OS.

udp_socket_buffer

optional, type: socket buffer config

Set the buffer config for the udp socket.

Note

The buffer size of the socket at escaper side will also be set.

default: not set

transmute_udp_echo_ip

optional, type: map | bool

Set this if you want to reply another ip other then the real bind ip for the udp listen socket to the client.

The key of the map should be the local ip, and the value should be the ip you want the client to use. If no matched key found in the map, the unspecified ip address of the same family will be used.

For bool value, an empty map will be used if set to true, or disabled if set to false.

default: not set

Changed in version 1.9.9: allow bool value and change to use unspecified ip if no match records

auto_reply_local_ip_map

deprecated

Changed in version 1.11.8: deprecated, use transmute_udp_echo_ip instead