On 13/03/2013 9:40 p.m., James Harper wrote:
Forging a reply as I'm not actually subscribed to -dev and the replies didn't
cc me...
What is wrong with the dante socks server ? Why the effort with squid supporting
socks ?
Much easier to maintain a single set of rules. I installed Dante but the group
auth modules appear to be $$$ extras.
Also reporting on squid logs is already a solved problem. Merging squid and
dante logs to try and report would be harder
Is anyone working on this?
Not since I gave up on that branch. My SOCKS configuration an testing skills
were
not up to the task. If you have better success you are welcome to continue it.
The problem I faced at the end was that Squid was apparently transiting traffic
and I could not identify whether it was arriving as HTTP-over-SOCKS or
HTTP-over-TCP,
so there was no way to identify if the socks-enabled versus socks-disabled port
settings were working or not.
I took a slightly different approach and created a socks_port config option,
which at the moment simply duplicates the http_port (eg it understands HTTP not
SOCKS). I'm not sure whether it really belongs in a different file or can be
incorporated into the existing file.
The SOCKS protocol itself is very simple, the only exception maybe being
authentication and encryption (I think socks5 can be encrypted). A basic
connect-only implementation shouldn't be that hard, but it would be nice to
also use bind and udp as then squid could be a complete gateway solution
instead of just http/https/ftp like it is now. That would be harder though,
obviously.
Yes.
Are you planning on writing the SOCKS protocol handshake inside Squid
code or using a socks library for the network I/O?
Amos
