docs: update socks doc

KujouRinka 2024-01-27 20:59:41 +08:00
parent ff27ee512a
commit bd724f43c0


@ -269,64 +269,42 @@ Example for blocking Trojan connections:
expr: trojan != nil && trojan.yes expr: trojan != nil && trojan.yes
``` ```
## SOCKS4/SOCKS4A ## SOCKS
SOCKS4: SOCKS4:
```json5 ```json5
{ {
"socks4": { "socks": {
"version": 4,
"req": { "req": {
"cmd": 1, // 0x01: connect, 0x02: bind "cmd": 1,
"ip": "1.1.1.1", "addr_type": 1, // same with socks5
"addr": "1.1.1.1",
// for socks4a
// "addr_type": 3,
// "addr": "google.com",
"port": 443, "port": 443,
"user_id": "user_id" "auth": {
"user_id": "user"
}
}, },
"resp": { "resp": {
"rep": 90, // 0x5A(90): granted "rep": 90, // 0x5A(90) granted
"ip": "1.1.1.1", "addr_type": 1,
"addr": "1.1.1.1",
"port": 443 "port": 443
} }
} }
} }
``` ```
SOCKS4A:
```json5
{
"socks4": {
"req": {
"cmd": 1, // 0x01: connect, 0x02: bind
"ip": "0.0.0.1",
"port": 443,
"user_id": "user_id",
"hostname": "google.com"
},
"resp": {
"rep": 90, // 0x5A(90): granted
"ip": "0.0.0.1",
"port": 443
}
}
}
```
Example for blocking connections to `google.com:80`:
```yaml
- name: block baidu socks
action: block
expr: string(socks4?.req?.hostname) endsWith "bilibili.com" && socks4?.req?.port == 80
```
## SOCKS5
SOCKS5 without auth: SOCKS5 without auth:
```json5 ```json5
{ {
"socks5": { "socks": {
"version": 5,
"req": { "req": {
"cmd": 1, // 0x01: connect, 0x02: bind, 0x03: udp "cmd": 1, // 0x01: connect, 0x02: bind, 0x03: udp
"addr_type": 3, // 0x01: ipv4, 0x03: domain, 0x04: ipv6 "addr_type": 3, // 0x01: ipv4, 0x03: domain, 0x04: ipv6
@ -353,7 +331,8 @@ SOCKS5 with auth:
```json5 ```json5
{ {
"socks5": { "socks": {
"version": 5,
"req": { "req": {
"cmd": 1, // 0x01: connect, 0x02: bind, 0x03: udp "cmd": 1, // 0x01: connect, 0x02: bind, 0x03: udp
"addr_type": 3, // 0x01: ipv4, 0x03: domain, 0x04: ipv6 "addr_type": 3, // 0x01: ipv4, 0x03: domain, 0x04: ipv6
@ -382,11 +361,11 @@ SOCKS5 with auth:
Example for blocking connections to `google.com:80` and user `foobar`: Example for blocking connections to `google.com:80` and user `foobar`:
```yaml ```yaml
- name: Block SOCKS5 google.com:80 - name: Block SOCKS google.com:80
action: block action: block
expr: string(socks5?.req?.addr) endsWith "google.com" && socks5?.req?.port == 80 expr: string(socks?.req?.addr) endsWith "google.com" && socks?.req?.port == 80
- name: Block SOCKS5 user foobar - name: Block SOCKS user foobar
action: block action: block
expr: socks5?.req?.auth?.method == 2 && socks5?.req?.auth?.username == "foobar" expr: socks?.req?.auth?.method == 2 && socks?.req?.auth?.username == "foobar"
``` ```