v0.3.0

@github-actions github-actions released this 04 Jun 07:50
· 37 commits to main since this release
f794175

Security & robustness hardening from a full SOCKS5 audit. Every fix is covered
by a regression test (written test-first) and was validated on a live Linux
deployment.

Security

  • Verify username/password credentials in constant time, removing an auth
    timing side channel (RFC 1929).
  • Egress filtering, on by default: refuse to relay to loopback, link-local
    (including the 169.254.169.254 cloud-metadata address), and private/RFC1918
    ranges — an SSRF / open-relay guard. Configurable via a new [egress] section.
  • Bound the pre-relay handshake with timeouts.handshake_ms (default 10s) so a
    stalled client cannot pin a task and its file descriptor (pre-auth slowloris).
  • Enforce connection limits at accept time, counting half-open/handshaking
    connections, with a new per-source-IP cap (limits.max_per_ip).
  • Restrict the admin Unix socket to mode 0600 under a 0700 directory the
    server creates itself.
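
The egress guard above, as an added Rust example that is not the project's own code: it classifies a destination address and refuses the ranges the release note lists. The type and function names, the check on the unspecified address, and the IPv6 equivalents (including IPv4-mapped addresses) are assumptions of this example that go beyond what the note states.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Why a destination was refused (type and names are this example's own).
#[derive(Debug, PartialEq, Eq)]
pub enum Denied { Unspecified, Loopback, LinkLocal, Private }

fn check_v4(ip: Ipv4Addr) -> Result<(), Denied> {
    if ip.is_unspecified() { return Err(Denied::Unspecified); } // 0.0.0.0
    if ip.is_loopback() { return Err(Denied::Loopback); }       // 127.0.0.0/8
    if ip.is_link_local() { return Err(Denied::LinkLocal); }    // 169.254.0.0/16, incl. 169.254.169.254
    if ip.is_private() { return Err(Denied::Private); }         // 10/8, 172.16/12, 192.168/16
    Ok(())
}

fn check_v6(ip: Ipv6Addr) -> Result<(), Denied> {
    // ::ffff:a.b.c.d is judged as the IPv4 address it wraps, so both
    // spellings of one address get the same verdict.
    if let Some(v4) = ip.to_ipv4_mapped() { return check_v4(v4); }
    let first = ip.segments()[0];
    if ip.is_unspecified() { return Err(Denied::Unspecified); }    // ::
    if ip.is_loopback() { return Err(Denied::Loopback); }          // ::1
    if first & 0xffc0 == 0xfe80 { return Err(Denied::LinkLocal); } // fe80::/10
    if first & 0xfe00 == 0xfc00 { return Err(Denied::Private); }   // fc00::/7
    Ok(())
}

/// Assumption of this example: called on the resolved address, just before connect.
pub fn check_egress(ip: IpAddr) -> Result<(), Denied> {
    match ip {
        IpAddr::V4(v4) => check_v4(v4),
        IpAddr::V6(v6) => check_v6(v6),
    }
}

fn main() {
    // Constructed sample destinations.
    for s in ["169.254.169.254", "::ffff:10.0.0.5", "203.0.113.10"] {
        let ip: IpAddr = s.parse().expect("valid literal");
        println!("{s:<18} -> {:?}", check_egress(ip));
    }
}
```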

Added

  • New configuration options: timeouts.handshake_ms, the [egress] policy,
    limits.max_per_ip, limits.udp_max_targets, and limits.udp_rate_pps.
  • Simplified-Chinese README (README.zh-CN.md) with a language switcher.

Changed

  • limits.max_connections is now enforced at accept time (replacing an
    ineffective post-request check that a half-open flood could bypass).

Fixed

  • Bound the CONNECT relay with write / idle / DNS-resolution timeouts so a stuck
    peer or a slow resolver cannot pin a relay forever.
  • Harden the UDP relay: bounded known-target set, exact client ip:port
    locking, egress checks on targets, an optional pps rate cap, and a send_to
    timeout so a saturated send buffer cannot stall the relay loop.
  • Forward graceful shutdown into in-flight CONNECT relays and UDP associations
    so active transfers wind down promptly instead of surviving until teardown.
  • Relay bytes a client pipelines after the handshake instead of dropping them
    (no silent stream truncation).
  • Send a best-effort RFC 1929 failure reply on malformed auth instead of a
    silent TCP close.
  • Recover from a poisoned metrics registry mutex instead of cascading panics
    from a single task failure.