mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-13 23:36:08 +00:00
61ce7c4a22
will be used to support SOCKS operation in the soon-to-be-released next version of CVSup. A tip of the hat to: Darryl Okahata, who developed the patches necessary to make the SOCKS library work with Modula-3's multithreaded I/O system.
257 lines
6.6 KiB
Groff
257 lines
6.6 KiB
Groff
.\" From: /3a/socks/man/RCS/socks.conf.4,v 2.11 1995/05/05 18:05:26 lamont Exp
|
|
.Dd May 5, 1995
|
|
.Os FreeBSD
|
|
.Dt M3SOCKS.CONF 5
|
|
.Sh NAME
|
|
.Nm m3socks.conf
|
|
.Nd configuration file for Modula-3 socks clients
|
|
.Sh DESCRIPTION
|
|
The Modula-3 SOCKS library reads its configuration information from
|
|
.Pa /usr/local/etc/m3socks.conf
|
|
when
|
|
.Fn bind
|
|
or
|
|
.Fn connect
|
|
is called.
|
|
If the file does not exist, then the environment variable
|
|
.Ev SOCKS_CONF
|
|
is expected to give the name of the configuration file.
|
|
.Pp
|
|
Each non-blank, non-comment line in the file contains a direction on how
|
|
to process requests that match certain criteria.
|
|
Comments are denoted by a
|
|
.Ql #
|
|
at any point in the line prior to the
|
|
.Ic : Ns Ar shellcmd ,
|
|
if present.
|
|
Non-comment lines take the form:
|
|
.Pp
|
|
.Bl -item -compact
|
|
.It
|
|
.Ic bind default Ns \*(Ba Ns Ic wild
|
|
.It
|
|
.Ic domain Ar domain
|
|
.It
|
|
.Ic nameserver Ar nameserver
|
|
.It
|
|
.Ic findserver Ar findserver
|
|
.It
|
|
.Ic sockd
|
|
.Op Ic @= Ns Ar server
|
|
.Op Ic *= Ns Ar users
|
|
.Ar destspec
|
|
.Op Ar op Ar dport Op Ar dport2
|
|
.Op Ic : Ns Ar shellcmd
|
|
.It
|
|
.Ic direct
|
|
.Op Ic *= Ns Ar users
|
|
.Ar destspec
|
|
.Op Ar op Ar dport Op Ar dport2
|
|
.Op Ic : Ns Ar shellcmd
|
|
.It
|
|
.Ic deny
|
|
.Op Ic *= Ns Ar users
|
|
.Ar destspec
|
|
.Op Ar op Ar dport Op Ar dport2
|
|
.Op Ic : Ns Ar shellcmd
|
|
.El
|
|
.Pp
|
|
Fields are constructed as follows:
|
|
.Bl -tag -width Fl
|
|
.It Ar domain
|
|
The
|
|
.Dq local
|
|
domain: the default name resolver is assumed to have
|
|
information for all hosts in
|
|
.Ar domain .
|
|
The user can override this field using the
|
|
.Ev SOCKS_LOCAL_DOMAIN
|
|
environment variable.
|
|
To indicate that the default server is able to resolve all addresses,
|
|
use the command:
|
|
.Ql domain \&. .
|
|
.It Ar nameserver
|
|
A comma separated list of name servers that are able to resolve addresses
|
|
outside of
|
|
.Ar domain .
|
|
The user can override this field using the
|
|
.Ev SOCKS_NS
|
|
environment variable.
|
|
.It Ar findserver
|
|
One of
|
|
.Ic Yes
|
|
or
|
|
.Ic \&No .
|
|
The default is
|
|
.Ic Yes .
|
|
If set, the client will attempt to find the
|
|
.Dq best
|
|
SOCKS server, based
|
|
on the results of looking up
|
|
.Ar destnet Ns Ic .socks-addr
|
|
(note that this is not an FQDN).
|
|
.Ar destnet
|
|
consists of the first one, two, or three octets of the destination network,
|
|
depending on whether the destination network is class A, B, or C. The octets
|
|
are used in reverse order, just like
|
|
.Ic IN-ADDR.ARPA .
|
|
For example, if the destination address is 129.105.69.100, then a search for
|
|
TXT records for '105.129.socks-addr' would be made. If any TXT records are
|
|
found, the record is prepended
|
|
to the list of servers from the config file. There is no environment
|
|
variable to override this.
|
|
.Pp
|
|
If clear
|
|
.Pq Ic findserver Ic \&No ,
|
|
then the lookup is not performed.
|
|
.It Ar server
|
|
A comma separated list of SOCKS servers that can
|
|
be used as proxy for this destination. No spaces or tabs are allowed
|
|
inside the list. Names beginning with a
|
|
.Ql $
|
|
are expanded from the users
|
|
environment. Each server in the list is tried until a successful
|
|
connection is established. When a server has multiple addresses, it
|
|
is assumed to be a group of hosts: the address list is randomized and
|
|
each address is tried before proceeding to the next name in the list.
|
|
The user can override this field using the
|
|
.Ev SOCKS_SERVER
|
|
environment variable.
|
|
.It Ar users
|
|
Specifies the users on the requesting host (not the destination host
|
|
or server host) to whom this line should apply. This is a comma
|
|
separated list of names and/or filenames, with no spaces or tabs.
|
|
Filenames must be fully qualified with a leading
|
|
.Ql / .
|
|
Inside the file, user names may be listed one or several
|
|
per line, with spaces, tabs, and commas being valid separators.
|
|
The appearance of
|
|
.Ql #
|
|
marks the remainder of the line as a comment. Each line in a file
|
|
is limited to 1023 characters. If
|
|
.Ar users
|
|
is omitted, the line applies to all users.
|
|
.It Ar destspec
|
|
The destination specification, which is either
|
|
.Ar daddr dmask
|
|
or
|
|
.Ic *. Ns Ar some.domain ,
|
|
which indicates that the line applies to all IP addresses
|
|
whose reverse lookup, using
|
|
.Fn gethostbyaddr ,
|
|
produces a name ending in
|
|
.Ql Cm . Ns Ar some.domain .
|
|
.It Ar daddr
|
|
The destination address to which this line applies. This is
|
|
usually specified in dotted form (e.g., 15.28.96.137).
|
|
If a hostname is used, then the first address returned by
|
|
.Fn gethostbyname
|
|
is used.
|
|
.It Ar dmask
|
|
Mask for
|
|
.Ar daddr ,
|
|
in dotted form. Bits in
|
|
.Ar dmask
|
|
which are 0 are ignored in
|
|
.Ar daddr .
|
|
Specifying 255.255.255.255 requires an exact match, while 0.0.0.0 matches
|
|
regardless of the value of
|
|
.Ar daddr .
|
|
This is the same way netmasks are specified, and is the opposite
|
|
of the interpretation used in older versions of SOCKS.
|
|
.It Ar op dport Op Ar dport2
|
|
A constraint on the destination TCP port.
|
|
If
|
|
.Ar op
|
|
is
|
|
.Ic eq ,
|
|
.Ic neq ,
|
|
.Ic \< ,
|
|
.Ic gt ,
|
|
.Ic le ,
|
|
or
|
|
.Ic ge ,
|
|
the destination port must have the corresponding relation to
|
|
.Ar dport .
|
|
If
|
|
.Ar op
|
|
is
|
|
.Ic btw ,
|
|
the destination port must be between
|
|
.Ar dport
|
|
and
|
|
.Ar dport2 ,
|
|
inclusive.
|
|
.It Ic : Ns Ar shellcmd
|
|
When the line is matched,
|
|
.Ar shellcmd
|
|
is passed to
|
|
.Pa /bin/sh ,
|
|
with stdin, stdout, and stderr redirected to
|
|
.Pa /dev/null .
|
|
The following substitutions occur before the string
|
|
is presented to the shell:
|
|
.Bl -tag -width \&%Xxx
|
|
.It Cm \&%A
|
|
replaced by the client host's domainname if known,
|
|
by its IP address otherwise.
|
|
.It Cm \&%a
|
|
replaced by the client host's IP address.
|
|
.It Cm \&%c
|
|
replaced by
|
|
.Ql connect
|
|
or
|
|
.Ql bind .
|
|
.It Cm \&%p
|
|
replaced by the process id of the client program.
|
|
.It Cm \&%S
|
|
replaced by the service name (e.g., ftp) if known,
|
|
by the destination port number otherwise.
|
|
.It Cm \&%s
|
|
replaced by the destination port number.
|
|
.It Cm \&%U
|
|
replaced by the user-id at login.
|
|
.It Cm \&%u
|
|
replaced by the effective user-id.
|
|
.It Cm \&%Z
|
|
replaced by the destination host's domainname if known,
|
|
by its IP address otherwise.
|
|
.It Cm \&%z
|
|
replaced by the destination host's IP address.
|
|
.It Cm \&%%
|
|
replaced by a single
|
|
.Ql \&% .
|
|
.El
|
|
.El
|
|
.Sh EXAMPLES
|
|
All connections to net 15 are local:
|
|
.Dl Ic direct 15.0.0.0 255.0.0.0
|
|
.Pp
|
|
Deny all requests destined for hosts on network 23:
|
|
.Dl Ic deny 23.0.0.0 255.0.0.0
|
|
.Pp
|
|
Use the server my-server for hosts on network 36:
|
|
.Dl Ic sockd @=my-server 36.0.0.0 255.0.0.0
|
|
.Pp
|
|
A typical complete configuration file:
|
|
.Bd -literal -offset indent
|
|
# The default name server is used for addresses inside
|
|
# the FreeBSD.org domain.
|
|
domain FreeBSD.org
|
|
# ns.FreeBSD.org is used as the name server for addresses
|
|
# outside FreeBSD.org.
|
|
nameserver ns.FreeBSD.org
|
|
# Don't find socks servers automatically.
|
|
findserver No
|
|
# All local connections are direct.
|
|
direct *.FreeBSD.org
|
|
# All other connections use the SOCKS server
|
|
# on socks.FreeBSD.org.
|
|
sockd @=socks.FreeBSD.org 0.0.0.0 0.0.0.0
|
|
.Ed
|
|
.Sh SEE ALSO
|
|
.Xr m3socks 1
|
|
.Sh AUTHORS
|
|
SOCKS was developed by David Koblas and Ying-Da Lee.
|
|
The HP enhancements were done by LaMont Jones.
|