Hi. cipriancraciun, nutinshell and I discussed in the issue above some Socks use cases.
Let me summarize the thread here. cipriancraciun suggest to handle socks similar to proxy protocol. https://github.com/haproxy/haproxy/issues/82#issuecomment-498004333 I don't think that socks could be handled in such simple way https://github.com/haproxy/haproxy/issues/82#issuecomment-498023780 nutinshell have another use case which is a `socks4-redirect` https://github.com/haproxy/haproxy/issues/82#issuecomment-498007739 I thought that a new action for tcp-request content could be a solution. https://github.com/haproxy/haproxy/issues/82#issuecomment-498051143 I see at least this use cases from this thread. * client with explicit SOCKS support -> HAProxy SOCKS frontend -> normal backend / servers -- useful for routing only specific domains through HAProxy The suggestion here is to handle socks in the same way as proxy protocol. As mentioned above I don't think that's that easy as the socks protocol is a request response system which proxy protocol isn't. There are also not only "the" socks protocol as there is socks4,socks4a and socks5 with different feature sets and requirements. From what I seen in the thread is only socks4 with command **connect** expected. This means that the client sends the destination ip and port therefore haproxy does not need to resolve the destination. >From my point of view it is at least a similar option like `accept-proxy` required for example `accept-socks(4|4a|5)` One of the question which is open is make `accept-proxy` and `accept-socks(4|4a|5)` sense? @cipriancraciun and others opinions? * client (with / without) SOCKS support -> HAProxy frontend -> SOCKS enabled server -- useful for traffic filtering, and redirection to a proper SOCKS proxy; The reason why the patch from alec isn't enough is that answer ``` >From what I read @alec-liu implemented SOCKS4 in the backend only as a way to submit requests for to a "fixed" server IP through a "fixed" SOCKS4 proxy server. ``` * socks4-redirect "here we want tcp go directly to socks." I though it could be handled with a new action in `tcp-request content ..` but I'm not sure. ``` for example tcp-request content redirect %[src,map(src2dest.txt)] [{if | unless} <condition>] ``` It would be nice to see how the redsocks2 server handle this redirect as what I have seen from the code are some firewall tools used for the solution. I had never such a requirement. Src: https://github.com/semigodking/redsocks/blob/master/base.c#L306-L318 @nutinshell It would be very helpful to understand what this `socks4-redirect` do on tcp/socks level. I think this feature would be nice in HAProxy but I also think it's a huge amount of work and increases the complexity to debug any errors. Please feel free to correct me if I'm wrong at any statement. Opinions, suggestions, patches? Best regards Aleks
