Files

user fa3621806d feat: add per-listener SOCKS5 server authentication (RFC 1929)

Per-listener username/password auth via `auth:` config key. When set,
clients must negotiate method 0x02 and pass RFC 1929 subnegotiation;
no-auth (0x00) is rejected to prevent downgrade. Listeners without
`auth` keep current no-auth behavior.

Includes auth_failures metric, API integration (/status auth flag,
/config auth_users count without exposing passwords), config parsing
with YAML int coercion, integration tests (success, failure, method
rejection, no-auth unchanged), and documentation updates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-21 17:03:03 +01:00

870 B

Raw Blame History

s5p -- Backlog

Features

SOCKS5 BIND and UDP ASSOCIATE commands
Chain randomization modes (round-robin, sticky-per-destination)
Systemd socket activation
Per-pool health test chain override (different base chain per pool)
Pool-level proxy protocol filter (only socks5 from pool X, only http from pool Y)
Listener-level retry override (different retry count per listener)

Performance

Benchmark relay throughput vs direct connection
Tune buffer sizes for different workloads
Connection pooling for frequently-used chains

Security

Optional SOCKS5 server authentication
Rate limiting per source IP
Access control lists

Observability

Prometheus metrics endpoint (/metrics in OpenMetrics format)
Per-pool health test success rate tracking
Per-pool latency breakdown in /status

Docs

Man page
Architecture diagram

870 B Raw Blame History

s5p -- Backlog

Features

Performance

Security

Observability

Docs

870 B

Raw Blame History