#96 issue about socks acls with network/host address as dhost

[Guillaume Binter]

Good Evening Everyone,

This year, I'm working on the ss5 solution to implement a socks server proxy for a professional project.

Nevertheless, I discovered a problem with socks 5, Indeed about the configuration <access list=""> for many rules in order to open the network traffic, permits or denies are not taken into account by the application if the dhost is a network address or a host address. In fact in socks5, we can just create many rules with domain names (fqdn) or 0.0.0.0/0 (all interfaces) as dhost for it to work.</access>

But if we switch in socks4, we can see that the rules have been taken into account

with dhosts as network address or host address but not fqdn.

On the other hand, I have two questions. The first one is how the 's' method for 'secure basic authentication' works for “secure basic authentification” because I want to secure the authentification between the source host and the socks server before to sending the betwork traffic. I don't know if "s" is based on ss5.passwd file in order to check inside if client login matches an account line in this file ?

Like this basic « u » method. Because if I just take « s » in my ss5.conf (for example : auth 192.168.1.2 – s and permit s 192.168.1.2 – 0.0.0.0/0 123 - - - -) then I get this error in my ss5.log à ... "" "" ISERROR - - - (-:- -- -:-) (Socks method unknown or bad request).

And the second question is about these flags à SS5_SYSLOG_FACILITY and SS5_SYSLOG_LEVEL I don't see the difference in my logs if I set "set SS5_SYSLOG_FACILITY LOCAL_6 and SS5_SYSLOG_LEVEL LOCAL_INFO » in my ss5.conf.

Your answers to my request will help me a lot in my project😊.

Thank you for your time and have a nice day.

[Guillaume Binter]

For information: Even if I specify the /mask on the example dhost: 10.0.0.1/32 the line "permit or deny" is always ignored

[Guillaume Binter]

And its LOG_LOCAL6 and LOG_INFO not LOCAL_6 and LOCAL_INFO