dante.conf - socks client configuration file syntax
The configuration file for the socks client library allows control
over logging and server selection. It is divided into two parts: global
settings and routes. A line can be commented out using the standard comment
character #.
The global settings are in the form of a keyword followed by a
colon and the value.
- debug
- Setting this field to 1 turns on debugging.
- logoutput
- This value controls where the client library sends logoutput. It can be
either syslog, stdout, stderr, a filename, or a
combination. The default is no logging.
- resolveprotocol
- The protocol used to resolve hostnames. Valid values are udp,
tcp and fake. The default is udp.
- route.badexpire
- How long the "bad" marking of a route should remain set before
it is removed. Default is 300 seconds.
- route.maxfail
- How many times a route can fail before it is marked as bad. Default is
1.
- timeout.connect
- The number of seconds the client will wait for a connect to the proxy
server to complete. The default is 0, indicating the client should use the
system's default.
The routes are specified with a route keyword. Inside a
pair of braces ({}) a set of keywords controls the behavior of the
route. Each route can contain three address specifications:
from, to and via. A route is selected for a connection
based on the values within the route block.
When searching for a route to match the client's request, the
library will first look for a direct route. Then for a
socks_v4 route, a socks_v5 route, an http route, and
lastly for a upnp route.
Depending on how the library is configured and environment
variables set (see the manual for socksify(1)), there may or may not
be an automatic fallback to an auto-generated direct route if no
other route is found.
The route block can contain the following:
- ADDRESSES
- Each address field can consist of an IP-address (and where meaningful, a
netmask, separated from the IP-address by a '/' sign), a hostname,
a domainname (designated by the leading '.'), or an interfacename
(where meaningful). Each address can be followed by an optional port
specifier.
- from
- The route is used only by requests coming from the address given as
value.
- to
- The route is used only by requests going to the address given as
value.
- via
- Address of the proxy server that should be used as a gateway for the
connection, or the special value direct to indicate the connection
should be direct rather than go via any proxy server.
In the case of upnp, the address can also be the name
of the interface to use for discovering the upnp controlpoint, if the
full url for the IGD is not yet known, or the special value
broadcast to indicate the client should broadcast for an
upnp-router on all available network interfaces.
- port
- Parameter to from, to and via. Accepts the keywords
eq/=, ne/!=, ge/>=, le/<=, gt/>, lt/< followed by a
number. A portrange can also be given as "port <start #> -
<end #>", which will match all port numbers within the range
<start #> and <end #>.
- clientcompatibility
- Enables certain options for compatibility with broken servers. Valid
values are: necgssapi, for compatibility with servers implementing
gssapi the NEC socks way.
- command
- The server supports the given commands. Valid commands are bind,
bindreply, connect, udpassociate and udpreply.
The default is all commands supported by the protocols set for the route.
Can be used instead of, or to complement, protocol.
- gssapi.enctype
- Which encryption to enforce for GSSAPI-authenticated communication.
Possible values are clear, integrity, or
confidentiality. The default is to try for confidentiality, but
accept whatever the server offers except clear, as clear is
not part of the SOCKS GSSAPI standard.
- gssapi.servicename
- Which servicename to use when involving GSSAPI. Default is
"rcmd".
- method
- List of authentication methods the client supports and which to
offer the server. Currently supported values are none,
gssapi, and username. The default is all supported
methods.
- protocol
- The protocols the server supports. Supported values are tcp and
udp. The default is all supported protocols.
- proxyprotocol
- The proxy protocols the server supports. Currently supported values are
socks_v4, socks_v5, http, and upnp. The
default is socks_v4 and socks_v5. Note that if the socks
server requires any form of authentication, you need to explicitly set
this to socks_v5, as v4 does not support authentication.
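The following is an added example, not part of the Dante distribution: a small Python check that parses route blocks and flags two conditions described above, namely a route that offers only authenticated methods while proxyprotocol still includes socks_v4 (the default), and gssapi.enctype set to clear. It assumes route keywords are written as "keyword: value" like the global settings; the sample addresses and the finding labels are constructed for illustration.

```python
import re
# Constructed sample in the syntax this page describes; addresses are placeholders.
SAMPLE_CONF = """
route.maxfail: 1
route {   # loopback stays direct
    from: 0.0.0.0/0   to: 127.0.0.0/8   via: direct
}
route {   # authenticated, but proxyprotocol left at its default
    from: 0.0.0.0/0   to: 0.0.0.0/0   via: 192.0.2.10 port = 1080
    method: username
}
route {   # explicit socks_v5, but GSSAPI protection switched off
    from: 0.0.0.0/0   to: .example.org   via: 192.0.2.11 port = 1080
    proxyprotocol: socks_v5
    method: gssapi
    gssapi.enctype: clear
}
"""

ROUTE_KEYS = ("from", "to", "via", "proxyprotocol", "protocol", "method", "command",
              "clientcompatibility", "gssapi.enctype", "gssapi.servicename")
KEY_RE = re.compile(r"(?<![\w.])(" + "|".join(map(re.escape, ROUTE_KEYS)) + r")\s*:")

def parse_routes(text):
    """Return one {keyword: [values]} dict per route block."""
    text = re.sub(r"#.*", "", text)                      # '#' starts a comment
    routes = []
    for body in re.findall(r"route\s*\{(.*?)\}", text, re.S):
        hits = list(KEY_RE.finditer(body))
        ends = [h.start() for h in hits[1:]] + [len(body)]
        routes.append({h.group(1): body[h.end():e].split() for h, e in zip(hits, ends)})
    return routes

def audit(routes):
    """Return (route number, finding label) pairs; the labels are made up here."""
    findings = []
    for n, r in enumerate(routes, 1):
        if r.get("via") == ["direct"]:
            continue                                     # no proxy negotiation at all
        methods = r.get("method", ["none", "gssapi", "username"])  # default: all
        protos = r.get("proxyprotocol", ["socks_v4", "socks_v5"])  # documented default
        if "none" not in methods and "socks_v4" in protos:
            findings.append((n, "auth-route-still-allows-socks_v4"))
        if "clear" in r.get("gssapi.enctype", []):
            findings.append((n, "gssapi-enctype-clear"))
    return findings

if __name__ == "__main__":
    print(audit(parse_routes(SAMPLE_CONF)))
```

Adding "proxyprotocol: socks_v5" to the second route and changing the third route's gssapi.enctype to confidentiality clears both findings.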
See the example directory in the distribution.
The client library also reads the following environment variables:
- SOCKS_USERNAME
- Use the value of SOCKS_USERNAME as the username when doing username
authentication.
- SOCKS_PASSWORD
- Use the value of SOCKS_PASSWORD as the password when doing username
authentication. Not recommended as other users on the system might be able
to see your password.
- SOCKS_AUTOADD_LANROUTES
- If this variable is set to "no", the client will not try to
auto-add direct routes for all addresses on the LAN. The default is to add
them.
- SOCKS_DISABLE_THREADLOCK
- If this variable is set, the client will not perform threadlocking. The
default is for the client to attempt to figure out for itself whether the
application to socksify needs threadlocking or not.
Some additional environment variables are documented in
socksify(1).
For inferno Nettverk A/S:
Michael Shuldman
Karl-Andre' Skevik
See the accompanying BUGS file. New ones should be reported to
dante-bugs@inet.no.