SOCKS.CONF(5)SOCKS.CONF(5)NAMEsocks.conf - socks client configuration file syntax
DESCRIPTION
The configuration file for the socks client library allow control over
logging and server selection. It is divided into two parts, miscella‐
neous settings and routes. A line can be commented using the standard
comment character #.
FORMAT
The miscellaneous settings have a keyword followed by a colon and the
value.
debug Setting this field to 1 turns on debugging.
logoutput
This value controls where the client library sends logoutput.
It can be either syslog, stdout, stderr, a filename, or a combi‐
nation. The default is no logging.
resolveprotocol
The protocol used to resolve hostnames. Valid values are udp,
tcp and fake. The default is udp.
ROUTES
The routes are specified with a route keyword. Inside a pair of paren‐
thesis ({}) a set of keywords control the behavior of the route. Each
route can contain three address specifications; from, to and via. A
route is selected for a connection based on the values within the route
block.
When searching for a route to match the clients request, the library
will first look for a direct route. Then for a socks_v5 route, a
socks_v4 route, a http_v1.0 route, and lastly for a upnp route.
Depending on how the library is configured and environment variables
set (see the manual for socksify(1)), there may or may not be an auto‐
matic fallback to an auto-generated direct route if no other route is
found.
The route block can contain the following:
ADDRESSES
Each address field can consist of a ipaddress (and where mean‐
ingful, a netmask, separated from the ipaddress by a '/' sign.),
a hostname, a domainname (designated by the leading '.'), or an
interfacename (where meaningful). Each address can be followed
by a optional port specifier.
from The route is used only by requests coming from the address given
as value.
to The route is used only by requests going to the address given as
value.
via Address of server to be used as gateway for the connection. In
the case of upnp, it can also be the name of the interface to
use for discovering the upnp controlpoint, if the full url for
the IGD is not yet known.
port Parameter to from, to and via. Accepts the keywords eq/=,
ne/!=, ge/>=, le/<=, gt/>, lt/< followed by a number. A por‐
trange can also be given as "port <start #> - <end #>", which
will match all port numbers within the range <start #> and <end
#>.
Options
clientcompatibility
Enables certain options for compatibility with broken servers.
Valid values are: necgssapi, for compatibility with servers
implementing gssapi the NEC socks way.
command
The server supports the given commands. Valid commands are
bind, bindreply, connect, udpassociate and udpreply. The
default is all commands supported by the protocols set for the
route.
gssapi.enctype
Which encryption to enforce for GSSAPI-authenticated communica‐
tion. Possible values are clear, integrity, or confidentiality.
The default is to try for confidentially, but accept whatever
the server offers.
gssapi.servicename
Which servicename to use when involving GSSAPI. Default is
"rcmd".
Can be used instead of, or to complement, protocol.
method List of authentication methods the client supports and which to
offer the server. Currently supported values are none, gssapi,
and username. The default is all supported methods.
protocol
The protocols the server supports. Supported values are tcp and
udp. The default is all supported protocols.
proxyprotocol
The proxy protocols the server supports. Currently supported
values are socks_v4, socks_v5, http_v1.0, and upnp. The default
is socks_v5.
EXAMPLES
See the example directory in the distribution.
ENVIRONMENT
SOCKS_USERNAME
Use the value of SOCKS_USERNAME as the username when doing user‐
name authentication.
SOCKS_PASSWORD
Use the value of SOCKS_PASSWORD as the password when doing user‐
name authentication. Not recommended as other users on the sys‐
tem might be able to see your password.
SOCKS_AUTOADD_LANROUTES
If this variable is set to "no", the client will not try to
auto-add direct routes for all addresses on the lan. The
default is to add them.
SOCKS_DISABLE_THREADLOCK
If this variable is set, the client will not perform threadlock‐
ing. The default is for the client to attempt to figure out for
itself whether the application to socksify needs threadlocking
or not.
Some additional environment variables are documented in socksify(1).
FILES /etc/opt/csw/socks.conf
AUTHORS
For inferno Nettverk A/S:
Michael Shuldman
Karl-Andre' Skevik
SEE ALSOsocksify(1)sockd(8)sockd.conf(5)
Information about new releases and other related issues can be found
on the Dante WWW home page: http://www.inet.no/dante/
BUGS
See the accompanying BUGS file. New ones should be reported to
dante-bugs@inet.no.
January, 2009 SOCKS.CONF(5)