From 90542be7f2340c20b9d14a0e7ab47131b3dd92d8 Mon Sep 17 00:00:00 2001 From: Toby Date: Fri, 26 Jan 2024 14:03:22 -0800 Subject: [PATCH] docs: add SOCKS5 --- README.md | 6 +++++- README.zh.md | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 97abf11..b6d89de 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Linux that's in many ways more powerful than the real thing. It's cyber sovereig ## Features - Full IP/TCP reassembly, various protocol analyzers - - HTTP, TLS, DNS, SSH, and many more to come + - HTTP, TLS, DNS, SSH, SOCKS5, and many more to come - "Fully encrypted traffic" detection for Shadowsocks, etc. (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf) - Trojan (proxy protocol) detection based on Trojan-killer (https://github.com/XTLS/Trojan-killer) @@ -103,6 +103,10 @@ to [Expr Language Definition](https://expr-lang.org/docs/language-definition). a: "0.0.0.0" aaaa: "::" expr: dns != nil && dns.qr && any(dns.questions, {.name endsWith "v2ex.com"}) + +- name: block google.com:80 via SOCKS5 + action: block + expr: string(socks5?.req?.addr) endsWith "google.com" && socks5?.req?.port == 80 ``` #### Supported actions diff --git a/README.zh.md b/README.zh.md index d9633c7..059ba6f 100644 --- a/README.zh.md +++ b/README.zh.md @@ -18,7 +18,7 @@ OpenGFW 是一个 Linux 上灵活、易用、开源的 [GFW](https://zh.wikipedi ## 功能 - 完整的 IP/TCP 重组,各种协议解析器 - - HTTP, TLS, DNS, SSH, 更多协议正在开发中 + - HTTP, TLS, DNS, SSH, SOCKS5, 更多协议正在开发中 - Shadowsocks 等 "全加密流量" 检测 (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf) - 基于 Trojan-killer 的 Trojan 检测 (https://github.com/XTLS/Trojan-killer) - [开发中] 基于机器学习的流量分类 @@ -99,6 +99,10 @@ workers: a: "0.0.0.0" aaaa: "::" expr: dns != nil && dns.qr && any(dns.questions, {.name endsWith "v2ex.com"}) + +- name: block google.com:80 via SOCKS5 + action: block + expr: string(socks5?.req?.addr) endsWith "google.com" && socks5?.req?.port == 80 ``` #### 支持的 action