docs: update socks rules

README.ja.md

@@ -15,7 +15,7 @@ OpenGFW は、Linux 上の [GFW](https://en.wikipedia.org/wiki/Great_Firewall)
 
 ## 特徴
 
-- フルIP/TCP再アセンブル、各種プロトコルアナライザー
+- フル IP/TCP 再アセンブル、各種プロトコルアナライザー
   - HTTP、TLS、DNS、SSH、その他多数
   - Shadowsocks の"完全に暗号化されたトラフィック"の検出、
     など。 (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf)
@@ -99,6 +99,10 @@ workers:
       a: "0.0.0.0"
       aaaa: "::"
   expr: dns != nil && dns.qr && any(dns.questions, {.name endsWith "v2ex.com"})
+
+- name: block google socks
+  action: block
+  expr: string(socks?.req?.addr) endsWith "google.com" && socks?.req?.port == 80
 ```
 
 #### サポートされるアクション

README.md

@@ -3,7 +3,6 @@
 [![License][1]][2]
 
 [1]: https://img.shields.io/badge/License-MPL_2.0-brightgreen.svg
-
 [2]: LICENSE
 
 **[中文文档](README.zh.md)**
@@ -21,11 +20,11 @@ Linux that's in many ways more powerful than the real thing. It's cyber sovereig
 ## Features
 
 - Full IP/TCP reassembly, various protocol analyzers
-    - HTTP, TLS, DNS, SSH, SOCKS5, and many more to come
-    - "Fully encrypted traffic" detection for Shadowsocks,
-      etc. (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf)
-    - Trojan (proxy protocol) detection based on Trojan-killer (https://github.com/XTLS/Trojan-killer)
-    - [WIP] Machine learning based traffic classification
+  - HTTP, TLS, DNS, SSH, SOCKS5, and many more to come
+  - "Fully encrypted traffic" detection for Shadowsocks,
+    etc. (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf)
+  - Trojan (proxy protocol) detection based on Trojan-killer (https://github.com/XTLS/Trojan-killer)
+  - [WIP] Machine learning based traffic classification
 - Full IPv4 and IPv6 support
 - Flow-based multicore load balancing
 - Connection offloading
@@ -105,9 +104,9 @@ to [Expr Language Definition](https://expr-lang.org/docs/language-definition).
       aaaa: "::"
   expr: dns != nil && dns.qr && any(dns.questions, {.name endsWith "v2ex.com"})
 
-- name: block google.com:80 via SOCKS5
+- name: block google socks
   action: block
-  expr: string(socks5?.req?.addr) endsWith "google.com" && socks5?.req?.port == 80
+  expr: string(socks?.req?.addr) endsWith "google.com" && socks?.req?.port == 80
 ```
 
 #### Supported actions

README.zh.md

@@ -3,7 +3,6 @@
 [![License][1]][2]
 
 [1]: https://img.shields.io/badge/License-MPL_2.0-brightgreen.svg
-
 [2]: LICENSE
 
 OpenGFW 是一个 Linux 上灵活、易用、开源的 [GFW](https://zh.wikipedia.org/wiki/%E9%98%B2%E7%81%AB%E9%95%BF%E5%9F%8E)
@@ -18,10 +17,10 @@ OpenGFW 是一个 Linux 上灵活、易用、开源的 [GFW](https://zh.wikipedi
 ## 功能
 
 - 完整的 IP/TCP 重组，各种协议解析器
-    - HTTP, TLS, DNS, SSH, SOCKS5, 更多协议正在开发中
-    - Shadowsocks 等 "全加密流量" 检测 (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf)
-    - 基于 Trojan-killer 的 Trojan 检测 (https://github.com/XTLS/Trojan-killer)
-    - [开发中] 基于机器学习的流量分类
+  - HTTP, TLS, DNS, SSH, SOCKS5, 更多协议正在开发中
+  - Shadowsocks 等 "全加密流量" 检测 (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf)
+  - 基于 Trojan-killer 的 Trojan 检测 (https://github.com/XTLS/Trojan-killer)
+  - [开发中] 基于机器学习的流量分类
 - 同等支持 IPv4 和 IPv6
 - 基于流的多核负载均衡
 - 连接 offloading
@@ -100,9 +99,9 @@ workers:
       aaaa: "::"
   expr: dns != nil && dns.qr && any(dns.questions, {.name endsWith "v2ex.com"})
 
-- name: block google.com:80 via SOCKS5
+- name: block google socks
   action: block
-  expr: string(socks5?.req?.addr) endsWith "google.com" && socks5?.req?.port == 80
+  expr: string(socks?.req?.addr) endsWith "google.com" && socks?.req?.port == 80
 ```
 
 #### 支持的 action