Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 2a54bb74cd7eaec573941a74b165d3586a8ea528^! / . / doc
commit2a54bb74cd7eaec573941a74b165d3586a8ea528[log] [tgz]
authorAlexander Liu <alec@atplatform.net>Wed May 22 19:44:48 2019 +0800
committerWilly Tarreau <w@1wt.eu>Fri May 31 17:24:06 2019 +0200
treeef4e4c9493e514292c9102c479ac938b6af71c75
parentcfbb3e6560c8177752a6a29ca5736f0678784818 [diff]
MEDIUM: connection: Upstream SOCKS4 proxy support

Have "socks4" and "check-via-socks4" server keyword added.
Implement handshake with SOCKS4 proxy server for tcp stream connection.
See issue #82.

I have the "SOCKS: A protocol for TCP proxy across firewalls" doc found
at "https://www.openssh.com/txt/socks4.protocol". Please reference to it.

[wt: for now connecting to the SOCKS4 proxy over unix sockets is not
 supported, and mixing IPv4/IPv6 is discouraged; indeed, the control
 layer is unique for a connection and will be used both for connecting
 and for target address manipulation. As such it may for example report
 incorrect destination addresses in logs if the proxy is reached over
 IPv6]

diff --git a/doc/SOCKS4.protocol.txt b/doc/SOCKS4.protocol.txt
new file mode 100644
index 0000000..06aee8a
--- /dev/null
+++ b/doc/SOCKS4.protocol.txt

@@ -0,0 +1 @@
+Please reference to "https://www.openssh.com/txt/socks4.protocol".
\ No newline at end of file

diff --git a/doc/configuration.txt b/doc/configuration.txt
index dcbe1eb..26d473b 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -11900,6 +11900,11 @@
   See the "ssl" option for more information and "no-check-ssl" to disable
   this option.
 
+check-via-socks4
+  This option enables outgoinng health checks using upstream socks4 proxy. By
+  default, the health checks won't go through socks tunnel even it was enabled
+  for normal traffic.
+
 ciphers <ciphers>
   This setting is only available when support for OpenSSL was built in. This
   option sets the string describing the list of cipher algorithms that is
@@ -12560,6 +12565,11 @@
   It may also be used as "default-server" setting to reset any previous
   "default-server" "non-stick" setting.
 
+socks4 <addr>:<port>
+  This option enables upstream socks4 tunnel for outgoinng connections to the
+  server. Using this option won't force the health check to go via socks4 by
+  default. You will have to use the keyword "check-via-socks4" to enable it.
+
 tcp-ut <delay>
   Sets the TCP User Timeout for all outgoing connections to this server. This
   option is available on Linux since version 2.6.37. It allows haproxy to