socks-router

Thin facade layer on top of OpenSSH’s dynamic proxy with slightly more sophisticated, configurable routing rules

Usage

socks-router --help

Routing Table

Grammar

routing_table := "" | comment | routing_rule [[comment] end_of_line routing_table]
routing_rule := upstream_address whitespaces patterns
comment := [whitespaces] "#"  [whitespaces] .*

upstream_address := [upstream_scheme "://"] address
address := ipv4_address | ipv6_address | host_address

upstream_scheme := "ssh" | "socks5" | "socks5h"

patterns := pattern [whitespaces patterns]
pattern := ["!"] "[^ \t\r\n]+"

ipv4_address := ipv4 [":" port]
ipv6_address := ("[" ipv6 "]:" port) | ipv6
host_address := host [":" port]

whitespaces := whitespace [whitespaces]
whitespace := " " | "\t"
end_of_line := "\r\n" | "\r" | "\n"

Example

# ~/.ssh/routes

# default upstream scheme: ssh://
# use ssh host foo's dynamic proxy to connect to bar.com
foo bar.com
# use ssh host foo's dynamic proxy to connect to *.bar.com
foo *.bar.com
# use ssh host foo's dynamic proxy to connect to *.bar.com except abc.bar.com
foo *.bar.com !abc.bar.com
# explicit ssh:// scheme: use ssh host foo's dynamic proxy to connect to *.google.com
ssh://foo *.google.com

# transparent socks5 / socks5h upstreams
# perform DNS resolution in socks-router
socks5://foo-bar.baz hello-world.com
# defer the DNS resolution to upstream
socks5h://foo-bar.baz hello-world.com
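
The grammar and example above, worked through as an added sketch (not socks-router's own code): it parses a routing table and reports, for a destination host, the upstream chosen and where the name is resolved, which is the property to check when DNS queries must not go out through the local resolver. Assumptions: patterns are fnmatch-style globs on the host name only (ports ignored), the first matching rule wins, "#" after whitespace starts a comment, and the names parse_routes, route and DNS_AT are hypothetical.

```python
import re
from fnmatch import fnmatchcase
from typing import NamedTuple

class Rule(NamedTuple):
    scheme: str    # "ssh" (default), "socks5" or "socks5h"
    address: str   # upstream address exactly as written
    allow: tuple   # patterns without "!"
    deny: tuple    # patterns that carried a leading "!"

RULE = re.compile(r"(?:(ssh|socks5h?)://)?(\S+)[ \t]+(\S.*)")
# Where the destination name is resolved, per the comments in the page's example.
# The page does not say where resolution happens for ssh upstreams.
DNS_AT = {"ssh": None, "socks5": "socks-router", "socks5h": "upstream"}

def parse_routes(text):
    rules = []
    for raw in re.split(r"\r\n|\r|\n", text):                   # end_of_line
        # Assumption: "#" at line start or after whitespace begins a comment.
        line = re.sub(r"(^|[ \t]+)#.*$", "", raw).strip(" \t")
        if not line:
            continue
        m = RULE.fullmatch(line)
        if m is None or "://" in m.group(2):                    # unknown scheme
            raise ValueError(f"not a valid routing rule: {raw!r}")
        scheme, address, rest = m.groups()
        pats = [p.lower() for p in rest.split()]
        rules.append(Rule(scheme or "ssh", address,
                          tuple(p for p in pats if not p.startswith("!")),
                          tuple(p[1:] for p in pats if p.startswith("!"))))
    return rules

def route(rules, host):
    """First rule whose patterns accept host wins (assumed); None if none applies."""
    host = host.lower().rstrip(".")
    for r in rules:
        if any(fnmatchcase(host, p) for p in r.allow) and \
           not any(fnmatchcase(host, p) for p in r.deny):
            return r.scheme, r.address, DNS_AT[r.scheme]
    return None

SAMPLE = """\
# constructed sample, modelled on the page's example
foo *.bar.com !abc.bar.com   # everything under bar.com except abc
socks5://foo-bar.baz hello-world.com
socks5h://foo-bar.baz *.internal.example
"""

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for name in ("www.bar.com", "abc.bar.com", "hello-world.com", "db.internal.example"):
        print(name, "->", route(table, name))
```

A result of None from route means no rule accepted the host; what socks-router does with such a connection is not stated on this page.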

Development

poetry install

poetry run pytest --cov-report html

NOTE: pre-commit hooks are set up

CHANGELOG

v0.1.0 (2024-06-13)

Chore

  • chore: ensure ssh permissions (76be670)

  • chore: verbose ssh flag (79295d5)

  • chore: ssh on mac (1cd4999)

  • chore: sshd config on mac (2265c34)

  • chore: test ssh (469b528)

  • chore: restart ssh (470e909)

  • chore: restart ssh (a39b51c)

  • chore: ssh config (3321fab)

  • chore: set AddressFamily to any in sshd_config (2aadf01)

  • chore: added debug log on OSError (ebc4331)

  • chore: improve exception logging (2196806)

  • chore: changed log level in utils (6420457)

  • chore: better handling for exceptions (26fbe30)

  • chore: removed unused code (dfb14f6)

  • chore: fixed typo (05fac3e)

  • chore: added pytest into pre-commit hooks (bd3aca2)

  • chore: fixed linter errors (fd16a0c)

  • chore: initial check-in (565e063)

Ci

  • ci: fix default branch checking (557bcbf)

  • ci: fix ssh command test (1d4903f)

  • ci: fix ssh command test (bd9fdb6)

  • ci: use native traceback in pytest (52c2ff3)

  • ci: ssh config (09bad9e)

  • ci: ssh MaxAuthTries 100 (91c0112)

  • ci: ssha (813398e)

  • ci: ssh (18b7961)

  • ci: ssh config (b6a4c1f)

  • ci: host key (c8bb0f0)

  • ci: attempt to connect to sshd first (a5f8e6c)

  • ci: leave ListenAddress alone (3dbe22d)

  • ci: write logs to junitxml (3409343)

  • ci: lock mypy at 415d49f25b6315cf1b7a04046a942246a033498d (3ea10c6)

  • ci: add colors to github actions (9837b45)

  • ci: add colors to github actions (699ea7b)

  • ci: always proceed to consolidation and sonarqube (970442b)

  • ci: sed compatibility (056406f)

  • ci: quoting (9e1e5da)

  • ci: quoting (6b3e8da)

  • ci: accommodate mac (c9e2558)

  • ci: set +e in start-ssh-agent (52438a6)

  • ci: fix ssh-keygen (d426fd3)

  • ci: specify path for id_rsa (7eed841)

  • ci: fixed permission issue (858bee1)

  • ci: fixed quotes in action (1c55f25)

  • ci: added shell parameter in action (55f9d19)

  • ci: setup sshd (e2b3a1a)

  • ci: fixed pipeline (b207d42)

  • ci: fixed sphinx (1190ed4)

  • ci: fixed sonar-project.properties (dd1bf6d)

  • ci: use --non-interactive in ci (b7c2aea)

  • ci: use sonarqube on-premise (d5c919c)

  • ci: added python version (d62a933)

  • ci: added python version (319b018)

  • ci: fix setup (4ef0956)

  • ci: added --enable-incomplete-feature=NewGenericSyntax (9f746a9)

Feature

  • feat: implemented socks-router (a59afc2)

Fix

  • fix: show sshd_config (9c010c3)

  • fix: pattern matching should match any port if port not given in routing table (b71b215)

Performance

  • perf: fixed connection reset problem (422da33)

Refactor

  • refactor: refactored pattern logic (a61d4e0)

  • refactor: use Annotated to handle struct packing (3508f7a)

  • refactor: extends ThreadingTCPServer (f1003fb)

  • refactor: fixed typing (cd79854)

  • refactor: fixed ruff errors (47a92bb)

Test

  • test: force ipv4 for destination for when_upstream_server_does_not_behave (26db9c7)

  • test: remove fixture to fix ScopeMismatch (6f34b1c)

  • test: fix linux test case (ecb17fa)

  • test: refactored proxies (174c15d)

  • test: use StringIO for stdout and stderr (7fac1a0)

  • test: specify identity file (7954c1a)

  • test: cover router (aceea3e)

  • test: cover router (4657e15)

  • test: fully covered utils (993c071)

  • test: cover read_socket (21a5f76)

  • test: cover utils (cf5f6d4)

  • test: testing router (8cbf208)

  • test: fully test cli (b48388f)

  • test: added test case to ensure non-sock5 versions are not handled (ffd2d75)

  • test: testing socks-router with itself (4bee59f)

  • test: added tests to router (5635fc9)
