Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
SOCKS.CONF(5)		      File Formats Manual		 SOCKS.CONF(5)

NAME
       socks.conf - socks client configuration file syntax

DESCRIPTION
       The  configuration file for the socks client library allow control over
       logging and server selection.  It is divided  into  two	parts;	global
       settings	 and  routes.  A line can be commented using the standard com-
       ment character #.

FORMAT
       The global settings are in the form of a	keyword	followed  by  a	 colon
       and the value.

       debug  Setting this field to 1 turns on debugging.

       logoutput
	      This  value  controls  where the client library sends logoutput.
	      It can be	either syslog, stdout, stderr, a filename, or a	combi-
	      nation.  The default is no logging.

       resolveprotocol
	      The  protocol  used to resolve hostnames.	 Valid values are udp,
	      tcp and fake.  The default is udp.

       route.badexpire
	      How long the "bad" marking of a route should remain  set	before
	      it is removed.  Default is 300 seconds.

       route.maxfail
	      How many times a route can fail before it	is marked as bad.  De-
	      fault is 1.

       timeout.connect
	      The number of seconds the	client will wait for a connect to  the
	      proxy  server  to	 complete.   The  default is 0,	indicating the
	      client should use	the systems default.

ROUTES
       The routes are specified	with a route keyword.  Inside a	pair of	paren-
       thesis  ({}) a set of keywords control the behavior of the route.  Each
       route can contain three address specifications; from, to	 and  via.   A
       route is	selected for a connection based	on the values within the route
       block.

       When searching for a route to match the clients	request,  the  library
       will  first  look  for  a  direct  route.  Then for a socks_v4 route, a
       socks_v5	route, a http route, and lastly	for a upnp route.

       Depending on how	the library is configured  and	environment  variables
       set  (see the manual for	socksify(1)), there may	or may not be an auto-
       matic fallback to an auto-generated direct route	if no other  route  is
       found.

       The route block can contain the following:

       ADDRESSES
	      Each  address field can consist of a IP-address (and where mean-
	      ingful, a	netmask,  separated  from  the	IP-address  by	a  '/'
	      sign.),  a  hostname,  a	domainname  (designated	by the leading
	      '.'), or an interfacename	(where meaningful).  Each address  can
	      be followed by a optional	port specifier.

       from   The route	is used	only by	requests coming	from the address given
	      as value.

       to     The route	is used	only by	requests going to the address given as
	      value.

       via    Address of the proxy server that should be used as a gateway for
	      the connection, or the special value direct to indicate the con-
	      nection should be	direct rather than go via any proxy server.

	      In the case of upnp, the address can also	be the name of the in-
	      terface to use for discovering the  upnp	controlpoint,  if  the
	      full  url	 for  the  IGD	is not yet known, or the special value
	      broadcast	to indicate the	client should broadcast	for  an	 upnp-
	      router on	all available network interfaces.

       port   Parameter	 to  from,  to	and  via.   Accepts the	keywords eq/=,
	      ne/!=, ge/>=, le/<=, gt/>, lt/< followed by a  number.   A  por-
	      trange  can  also	 be given as "port <start #> - <end #>", which
	      will match all port numbers within the range <start #> and  <end
	      #>.

       Options

       clientcompatibility
	      Enables  certain	options	for compatibility with broken servers.
	      Valid values are:	necgssapi, for compatibility with servers  im-
	      plementing gssapi	the NEC	socks way.

       command
	      The  server  supports  the  given	 commands.  Valid commands are
	      bind, bindreply, connect,	udpassociate and udpreply.    The  de-
	      fault  is	 all  commands	supported by the protocols set for the
	      route.

	      Can be used instead of, or to complement,	protocol.

       gssapi.enctype
	      Which encryption to enforce for GSSAPI-authenticated  communica-
	      tion.  Possible values are clear,	integrity, or confidentiality.
	      The default is to	try for	confidentially,	 but  accept  whatever
	      the  server  offers  except  clear,  as clear is not part	of the
	      SOCKS GSSAPI standard.

       gssapi.servicename
	      Which servicename	to use	when  involving	 GSSAPI.   Default  is
	      "rcmd".

       method List  of authentication methods the client supports and which to
	      offer the	server.	 Currently supported values are	none,  gssapi,
	      and username.  The default is all	supported methods.

       protocol
	      The protocols the	server supports.  Supported values are tcp and
	      udp.  The	default	is all supported protocols.

       proxyprotocol
	      The proxy	protocols the server  supports.	  Currently  supported
	      values  are  socks_v4, socks_v5, http, and upnp.	The default is
	      socks_v4 and socks_v5.  Note that	if the socks  server  requires
	      any  form	 of authentication, you	need to	explicitly set this to
	      to socks_v5, as v4 does not support authentication.

EXAMPLES
       See the example directory in the	distribution.

ENVIRONMENT
       SOCKS_USERNAME
	      Use the value of SOCKS_USERNAME as the username when doing user-
	      name authentication.

       SOCKS_PASSWORD
	      Use the value of SOCKS_PASSWORD as the password when doing user-
	      name authentication.  Not	recommended as other users on the sys-
	      tem might	be able	to see your password.

       SOCKS_AUTOADD_LANROUTES
	      If  this	variable  is  set  to "no", the	client will not	try to
	      auto-add direct routes for all addresses on the  LAN.   The  de-
	      fault is to add them.

       SOCKS_DISABLE_THREADLOCK
	      If this variable is set, the client will not perform threadlock-
	      ing.  The	default	is for the client to attempt to	figure out for
	      itself  whether  the application to socksify needs threadlocking
	      or not.

       Some additional environment variables are documented in socksify(1).

       FILES  /etc/socks.conf

AUTHORS
       For inferno Nettverk A/S:
	  Michael Shuldman
	  Karl-Andre' Skevik

SEE ALSO
       socksify(1), sockd(8), sockd.conf(5)

       Information about new releases and other	related	issues can be found on
       the Dante WWW home page:	http://www.inet.no/dante/

BUGS
       See  the	 accompanying  BUGS  file.   New  ones	should	be reported to
       dante-bugs@inet.no.

				 July 29 2013			 SOCKS.CONF(5)

NAME | DESCRIPTION | FORMAT | ROUTES | EXAMPLES | ENVIRONMENT | AUTHORS | SEE ALSO | BUGS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=socks.conf&sektion=5&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help