fa3621806d
Per-listener username/password auth via `auth:` config key. When set, clients must negotiate method 0x02 and pass RFC 1929 subnegotiation; no-auth (0x00) is rejected to prevent downgrade. Listeners without `auth` keep current no-auth behavior. Includes auth_failures metric, API integration (/status auth flag, /config auth_users count without exposing passwords), config parsing with YAML int coercion, integration tests (success, failure, method rejection, no-auth unchanged), and documentation updates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
34 lines
870 B
Markdown
34 lines
870 B
Markdown
# s5p -- Backlog
|
|
|
|
## Features
|
|
|
|
- SOCKS5 BIND and UDP ASSOCIATE commands
|
|
- Chain randomization modes (round-robin, sticky-per-destination)
|
|
- Systemd socket activation
|
|
- Per-pool health test chain override (different base chain per pool)
|
|
- Pool-level proxy protocol filter (only socks5 from pool X, only http from pool Y)
|
|
- Listener-level retry override (different retry count per listener)
|
|
|
|
## Performance
|
|
|
|
- Benchmark relay throughput vs direct connection
|
|
- Tune buffer sizes for different workloads
|
|
- Connection pooling for frequently-used chains
|
|
|
|
## Security
|
|
|
|
- Optional SOCKS5 server authentication
|
|
- Rate limiting per source IP
|
|
- Access control lists
|
|
|
|
## Observability
|
|
|
|
- Prometheus metrics endpoint (`/metrics` in OpenMetrics format)
|
|
- Per-pool health test success rate tracking
|
|
- Per-pool latency breakdown in `/status`
|
|
|
|
## Docs
|
|
|
|
- Man page
|
|
- Architecture diagram
|