github.com/cybozu-go/usocksd
Readme
usocksd is a SOCKS server written in Go.
usocksd/socks
is a general purpose SOCKS server library. usocksd is built on it.
Support for SOCKS4, SOCKS4a, SOCK5
Graceful stop & restart
Access log
Thanks to cybozu-go/log,
usocksd can output access logs in structured formats including
JSON.
Specific network interface
usocksd can be configured to use specific network interface for outgoing connections.
It is extremely useful if you want to send all traffic to VPN/Wireguard device or you have multiple network cards.
Multiple external IP addresses
usocksd can be configured to use multiple external IP addresses for outgoing connections.
usocksd keeps using the same external IP address for a client as much as possible. This means usocksd can proxy passive FTP connections reliably.
Moreover, you can use a DNSBL service to exclude dynamically from using some undesirable external IP addresses.
White- and black- list of sites
usocksd can be configured to grant access to the sites listed in a white list, and/or to deny access to the sites listed in a black list.
usocksd can block connections to specific TCP ports, too.
Use a recent version of Go.
go get -u github.com/cybozu-go/usocksd/...
usocksd [-h] [-f CONFIG]
The default configuration file path is /etc/usocksd.toml.
In addition, usocksd implements the common spec from cybozu-go/well.
usocksd does not have daemon mode. Use systemd to run it on your background.
usocksd.toml is a TOML file.
All fields are optional.
[log]
filename = "/path/to/file" # default to stderr.
level = "info" # critical, error, warning, info, debug
format = "plain" # plain, logfmt, json
[incoming]
port = 1080
metrics_port = 1081 # Port number to serve metrics
addresses = ["127.0.0.1"] # List of listening IP addresses
allow_from = ["10.0.0.0/8"] # CIDR network or IP address
[outgoing]
allow_sites = [ # List of FQDN to be granted.
"www.amazon.com", # exact match
".google.com", # subdomain match
]
deny_sites = [ # List of FQDN to be denied.
".2ch.net", # subdomain match
"bad.google.com", # deny a domain of *.google.com
"", # "" matches non-FQDN (IP) requests.
]
deny_ports = [22, 25] # Black list of outbound ports
iface = tun0 # Outgoing traffic binds to specific network interface
addresses = ["12.34.56.78"] # List of source IP addresses
dnsbl_domain = "some.dnsbl.org" # to exclude black listed IP addresses
If you see usocksd consumes too much CPU, try setting GOGC to higher value, say 300.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A hospital in Mobile, Alabama, agreed to a settlement in a landmark ransomware death lawsuit, but is now reportedly reconsidering the agreement and refusing to pay.
Security News
A new report explores how advancements in LLMs are enhancing cyber threats, including polymorphic malware, personalized spearphishing, and the risk of hijacking customer service bots.
Security News
ESLint has approved an RFC that adds support for TypeScript configuration files, which is aimed at improving the developer experience and recognizing changes in the evolving JavaScript ecosystem.