github.com/cybozu-go/usocksd
usocksd is a SOCKS server written in Go.
usocksd/socks
is a general purpose SOCKS server library. usocksd is built on it.
Support for SOCKS4, SOCKS4a, SOCK5
Graceful stop & restart
Access log
Thanks to cybozu-go/log,
usocksd can output access logs in structured formats including
JSON.
Specific network interface
usocksd can be configured to use specific network interface for outgoing connections.
It is extremely useful if you want to send all traffic to VPN/Wireguard device or you have multiple network cards.
Multiple external IP addresses
usocksd can be configured to use multiple external IP addresses for outgoing connections.
usocksd keeps using the same external IP address for a client as much as possible. This means usocksd can proxy passive FTP connections reliably.
Moreover, you can use a DNSBL service to exclude dynamically from using some undesirable external IP addresses.
White- and black- list of sites
usocksd can be configured to grant access to the sites listed in a white list, and/or to deny access to the sites listed in a black list.
usocksd can block connections to specific TCP ports, too.
Use a recent version of Go.
go get -u github.com/cybozu-go/usocksd/...
usocksd [-h] [-f CONFIG]
The default configuration file path is /etc/usocksd.toml.
In addition, usocksd implements the common spec from cybozu-go/well.
usocksd does not have daemon mode. Use systemd to run it on your background.
usocksd.toml is a TOML file.
All fields are optional.
[log]
filename = "/path/to/file" # default to stderr.
level = "info" # critical, error, warning, info, debug
format = "plain" # plain, logfmt, json
[incoming]
port = 1080
metrics_port = 1081 # Port number to serve metrics
addresses = ["127.0.0.1"] # List of listening IP addresses
allow_from = ["10.0.0.0/8"] # CIDR network or IP address
[outgoing]
allow_sites = [ # List of FQDN to be granted.
"www.amazon.com", # exact match
".google.com", # subdomain match
]
deny_sites = [ # List of FQDN to be denied.
".2ch.net", # subdomain match
"bad.google.com", # deny a domain of *.google.com
"", # "" matches non-FQDN (IP) requests.
]
deny_ports = [22, 25] # Black list of outbound ports
iface = tun0 # Outgoing traffic binds to specific network interface
addresses = ["12.34.56.78"] # List of source IP addresses
dnsbl_domain = "some.dnsbl.org" # to exclude black listed IP addresses
If you see usocksd consumes too much CPU, try setting GOGC to higher value, say 300.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.