search

apernet / OpenGFW

OpenGFW is a flexible, easy-to-use, open source implementation of GFW (Great Firewall of China) on Linux
https://gfw.dev/
Mozilla Public License 2.0
9.47k stars 711 forks source link

Add Socks4/4a Analyzer #35

Closed KujouRinka closed 7 months ago

KujouRinka commented 7 months ago

I add an analyzer for socks4 and socks4a.

PropMap of:

tobyxdd commented 7 months ago

Maybe it would be better to combine the two as a single socks analyzer, but have it internally check for the version number and handle accordingly?

KujouRinka commented 7 months ago

You means like this?

{
  "socks":{
    "version": 5,   // 4 or 5
    "req": {
      // ... req 5 fields
    }, 
    "resp": {
      // ... resp 5 fields
    }
  }
}

socks.version field decide what in socks.req and socks.resp, and if possible, merge socks4.go and socks5.go into one.

tobyxdd commented 7 months ago

Yes, because if I understand correctly, the fields of both protocols are largely the same

KujouRinka commented 7 months ago

After mergering these two, PropMap of socks4 now:

SOCKS4:

{
  "socks": {
    "version": 4,
    "req": {
      "cmd": 1,
      "addr_type": 1,     // same with socks5
      "addr": "1.1.1.1",
      // for socks4a
      // "addr_type": 3,
      // "addr": "google.com",
      "port": 443,
      "auth": {
        "user_id": "user"
      }
    },
    "resp": {
      "rep": 90,          // 0x5A(90) granted
      "addr_type": 1,
      "addr": "1.1.1.1",
      "port": 443
    }
  }
}

For socks5, add a "version": 5 field with others unchanged.

tobyxdd commented 7 months ago

Thanks again for your contribution!