1IO::Socket::Socks(3) User Contributed Perl Documentation IO::Socket::Socks(3)
2
3
4
6 IO::Socket::Socks - Provides a way to create socks client or server
7 both 4 and 5 version.
8
10 Client
11 use IO::Socket::Socks;
12
13 my $socks_client = IO::Socket::Socks->new(
14 ProxyAddr => "proxy host",
15 ProxyPort => "proxy port",
16 ConnectAddr => "remote host",
17 ConnectPort => "remote port",
18 ) or die $SOCKS_ERROR;
19
20 print $socks_client "foo\n";
21 $socks_client->close();
22
23 Server
24 use IO::Socket::Socks ':constants';
25
26 my $socks_server = IO::Socket::Socks->new(
27 ProxyAddr => "localhost",
28 ProxyPort => 8000,
29 Listen => 1,
30 UserAuth => \&auth,
31 RequireAuth => 1
32 ) or die $SOCKS_ERROR;
33
34 while(1) {
35 my $client = $socks_server->accept();
36
37 unless ($client) {
38 print "ERROR: $SOCKS_ERROR\n";
39 next;
40 }
41
42 my $command = $client->command();
43 if ($command->[0] == CMD_CONNECT) {
44 # Handle the CONNECT
45 $client->command_reply(REPLY_SUCCESS, addr, port);
46 }
47
48 ...
49 #read from the client and send to the CONNECT address
50 ...
51
52 $client->close();
53 }
54
55 sub auth {
56 my ($user, $pass) = @_;
57
58 return 1 if $user eq "foo" && $pass eq "bar";
59 return 0;
60 }
61
63 "IO::Socket::Socks" connects to a SOCKS proxy, tells it to open a
64 connection to a remote host/port when the object is created. The
65 object you receive can be used directly as a socket (with "IO::Socket"
66 interface) for sending and receiving data from the remote host. In
67 addition to create socks client this module could be used to create
68 socks server. See examples below.
69
71 For complete examples of socks 4/5 client and server see `examples'
72 subdirectory in the distribution.
73
75 Socks Client
76 new( %cfg )
77
78 new_from_socket($socket, %cfg)
79
80 new_from_fd($socket, %cfg)
81
82 Creates a new IO::Socket::Socks client object. new_from_socket() is
83 the same as new(), but allows one to create object from an existing and
84 not connected socket (new_from_fd is new_from_socket alias). To make
85 IO::Socket::Socks object from connected socket see "start_SOCKS"
86
87 Both takes the following config hash:
88
89 SocksVersion => 4 or 5. Default is 5
90
91 Timeout => connect/accept timeout
92
93 Blocking => Since IO::Socket::Socks version 0.5 you can perform non-blocking connect/bind by
94 passing false value for this option. Default is true - blocking. See ready()
95 below for more details.
96
97 SocksResolve => resolve host name to ip by proxy server or
98 not (will resolve by client). This
99 overrides value of $SOCKS4_RESOLVE or $SOCKS5_RESOLVE
100 variable. Boolean.
101
102 SocksDebug => This will cause all of the SOCKS traffic to
103 be presented on the command line in a form
104 similar to the tables in the RFCs. This overrides value
105 of $SOCKS_DEBUG variable. Boolean.
106
107 ProxyAddr => Hostname of the proxy
108
109 ProxyPort => Port of the proxy
110
111 ConnectAddr => Hostname of the remote machine
112
113 ConnectPort => Port of the remote machine
114
115 BindAddr => Hostname of the remote machine which will
116 connect to the proxy server after bind request
117
118 BindPort => Port of the remote machine which will
119 connect to the proxy server after bind request
120
121 UdpAddr => Expected address where datagrams will be sent. Fill it with address
122 of all zeros if address is not known at this moment.
123 Proxy server may use this information to limit access to the association.
124
125 UdpPort => Expected port where datagrams will be sent. Use zero port
126 if port is not known at this moment. Proxy server may use this
127 information to limit access to the association.
128
129 AuthType => What kind of authentication to support:
130 none - no authentication (default)
131 userpass - Username/Password. For socks5
132 proxy only.
133
134 RequireAuth => Do not send ANON as a valid auth mechanism.
135 For socks5 proxy only
136
137 Username => For socks5 if AuthType is set to userpass, then
138 you must provide a username. For socks4 proxy with
139 this option you can specify userid.
140
141 Password => If AuthType is set to userpass, then you must
142 provide a password. For socks5 proxy only.
143
144 The following options should be specified:
145
146 (ProxyAddr and ProxyPort)
147 (ConnectAddr and ConnectPort) or (BindAddr and BindPort) or (UdpAddr and UdpPort)
148
149 Other options are facultative.
150
151 start_SOCKS($socket, %cfg)
152
153 This is a class method to start socks handshake on already connected
154 socket. This will bless passed $socket to IO::Socket::Socks class. %cfg
155 is like hash in the constructor. Only options listed below makes
156 sence:
157
158 Timeout
159 ConnectAddr
160 ConnectPort
161 BindAddr
162 BindPort
163 UdpAddr
164 UdpPort
165 SocksVersion
166 SocksDebug
167 SocksResolve
168 AuthType
169 RequireAuth
170 Username
171 Password
172 AuthMethods
173
174 On success this method will return same $socket, but as
175 IO::Socket::Socks object. On failure it will return undef (but socket
176 will be still blessed to IO::Socket::Socks class). See example:
177
178 use IO::Socket;
179 use IO::Socket::Socks;
180
181 my $sock = IO::Socket::INET->new("$proxy_host:$proxy_port") or die $@;
182 $sock = IO::Socket::Socks->start_SOCKS($sock, ConnectAddr => "google.com", ConnectPort => 80) or die $SOCKS_ERROR;
183
184 version( )
185
186 Returns socks version for this socket
187
188 ready( )
189
190 Returns true when socket becomes ready to transfer data (socks
191 handshake done), false otherwise. This is useful for non-blocking
192 connect/bind. When this method returns false value you can determine
193 what socks handshake need for with $SOCKS_ERROR variable. It may need
194 for read, then $SOCKS_ERROR will be SOCKS_WANT_READ or need for write,
195 then it will be SOCKS_WANT_WRITE.
196
197 Example:
198
199 use IO::Socket::Socks;
200 use IO::Select;
201
202 my $sock = IO::Socket::Socks->new(
203 ProxyAddr => 'localhost', ProxyPort => 1080, ConnectAddr => 'mail.com', ConnectPort => 80, Blocking => 0
204 ) or die $SOCKS_ERROR;
205
206 my $sel = IO::Select->new($sock);
207 until ($sock->ready) {
208 if ($SOCKS_ERROR == SOCKS_WANT_READ) {
209 $sel->can_read();
210 }
211 elsif ($SOCKS_ERROR == SOCKS_WANT_WRITE) {
212 $sel->can_write();
213 }
214 else {
215 die $SOCKS_ERROR;
216 }
217
218 # NOTE: when base class ($IO::Socket::Socks::SOCKET_CLASS) is IO::Socket::IP
219 # and you are using kqueue or epoll to check for readable/writable sockets
220 # you need to readd $sock to kqueue/epoll after each call to ready() (actually until socket will be connected to proxy server),
221 # because IO::Socket::IP may change internal socket of $sock for milti-homed hosts.
222 # There is no such problem when you are using select/poll
223 }
224
225 # you may want to return socket to blocking state by $sock->blocking(1)
226 $sock->syswrite("I am ready");
227
228 accept( )
229
230 Accept an incoming connection after bind request. On failed returns
231 undef. On success returns socket. No new socket created, returned
232 socket is same on which this method was called. Because accept(2) is
233 not invoked on the client side, socks server calls accept(2) and
234 proxify all traffic via socket opened by client bind request. You can
235 call accept only once on IO::Socket::Socks client socket.
236
237 command( %cfg )
238
239 Allows one to execute socks command on already opened socket. Thus you
240 can create socks chain. For example see "EXAMPLES" section.
241
242 %cfg is like hash in the constructor. Only options listed below makes
243 sence:
244
245 ConnectAddr
246 ConnectPort
247 BindAddr
248 BindPort
249 UdpAddr
250 UdpPort
251 SocksVersion
252 SocksDebug
253 SocksResolve
254 AuthType
255 RequireAuth
256 Username
257 Password
258 AuthMethods
259
260 Values of the other options (Timeout for example) inherited from the
261 constructor. Options like ProxyAddr and ProxyPort are not included.
262
263 dst( )
264
265 Return (host, port, address_type) of the remote host after
266 connect/accept or socks server (host, port, address_type) after
267 bind/udpassoc.
268
269 Socks Server
270 new( %cfg )
271
272 new_from_socket($socket, %cfg)
273
274 new_from_fd($socket, %cfg)
275
276 Creates a new IO::Socket::Socks server object. new_from_socket() is the
277 same as new(), but allows one to create object from an existing socket
278 (new_from_fd is new_from_socket alias). Both takes the following
279 config hash:
280
281 SocksVersion => 4 for socks4, 5 for socks5 or [4,5] if you want accept both 4 and 5. Default is 5
282
283 Timeout => Timeout value for various operations
284
285 Blocking => Since IO::Socket::Socks version 0.6 you can perform non-blocking accept by
286 passing false value for this option. Default is true - blocking. See ready()
287 below for more details.
288
289 SocksResolve => For socks v5: return destination address to the client
290 in form of 4 bytes if true, otherwise in form of host
291 length and host name.
292 For socks v4: allow use socks4a protocol extension if
293 true and not otherwise.
294 This overrides value of $SOCKS4_RESOLVE or $SOCKS5_RESOLVE.
295 See also command_reply().
296
297 SocksDebug => This will cause all of the SOCKS traffic to
298 be presented on the command line in a form
299 similar to the tables in the RFCs. This overrides value
300 of $SOCKS_DEBUG variable. Boolean.
301
302 ProxyAddr => Local host bind address
303
304 ProxyPort => Local host bind port
305
306 UserAuth => Reference to a function that returns 1 if client
307 allowed to use socks server, 0 otherwise. For
308 socks5 proxy it takes login and password as
309 arguments. For socks4 argument is userid.
310
311 RequireAuth => Not allow anonymous access for socks5 proxy.
312
313 Listen => Same as IO::Socket::INET listen option. Should be
314 specified as number > 0.
315
316 The following options should be specified:
317
318 Listen
319 ProxyAddr
320 ProxyPort
321
322 Other options are facultative.
323
324 accept( )
325
326 Accept an incoming connection and return a new IO::Socket::Socks object
327 that represents that connection. You must call command() on this to
328 find out what the incoming connection wants you to do, and then call
329 command_reply() to send back the reply.
330
331 version( )
332
333 Returns socks version for socket. It is useful when your server accepts
334 both 4 and 5 version. Then you should know socks version to make proper
335 response. Just call "version()" on socket received after "accept()".
336
337 ready( )
338
339 After non-blocking accept you will get new client socket object, which
340 may be not ready to transfer data (if socks handshake is not done yet).
341 ready() will return true value when handshake will be done successfully
342 and false otherwise. Note, socket returned by accept() call will be
343 always in blocking mode. So if your program can't block you should set
344 non-blocking mode for this socket before ready() call:
345 $socket->blocking(0). When ready() returns false value you can
346 determine what socks handshake needs for with $SOCKS_ERROR variable. It
347 may need for read, then $SOCKS_ERROR will be SOCKS_WANT_READ or need
348 for write, then it will be SOCKS_WANT_WRITE.
349
350 Example:
351
352 use IO::Socket::Socks;
353 use IO::Select;
354
355 my $server = IO::Socket::Socks->new(ProxyAddr => 'localhost', ProxyPort => 1080, Blocking => 0)
356 or die $@;
357 my $select = IO::Select->new($server);
358 $select->can_read(); # wait for client
359
360 my $client = $server->accept()
361 or die "accept(): $! ($SOCKS_ERROR)";
362 $client->blocking(0); # !!!
363 $select->add($client);
364 $select->remove($server); # no more connections
365
366 while (1) {
367 if ($client->ready) {
368 my $command = $client->command;
369
370 ... # do client command
371
372 $client->command_reply(IO::Socket::Socks::REPLY_SUCCESS, $command->[1], $command->[2]);
373
374 ... # transfer traffic
375
376 last;
377 }
378 elsif ($SOCKS_ERROR == SOCKS_WANT_READ) {
379 $select->can_read();
380 }
381 elsif ($SOCKS_ERROR == SOCKS_WANT_WRITE) {
382 $select->can_write();
383 }
384 else {
385 die "Unexpected error: $SOCKS_ERROR";
386 }
387 }
388
389 command( )
390
391 After you call accept() the client has sent the command they want you
392 to process. This function should be called on the socket returned by
393 accept(). It returns a reference to an array with the following format:
394
395 [ COMMAND, ADDRESS, PORT, ADDRESS TYPE ]
396
397 command_reply( REPLY CODE, ADDRESS, PORT )
398
399 After you call command() the client needs to be told what the result
400 is. The REPLY CODE is one of the constants as follows (integer value):
401
402 For socks v4
403 REQUEST_GRANTED(90): request granted
404 REQUEST_FAILED(91): request rejected or failed
405 REQUEST_REJECTED_IDENTD(92): request rejected because SOCKS server cannot connect to identd on the client
406 REQUEST_REJECTED_USERID(93): request rejected because the client program and identd report different user-ids
407
408 For socks v5
409 REPLY_SUCCESS(0): Success
410 REPLY_GENERAL_FAILURE(1): General Failure
411 REPLY_CONN_NOT_ALLOWED(2): Connection Not Allowed
412 REPLY_NETWORK_UNREACHABLE(3): Network Unreachable
413 REPLY_HOST_UNREACHABLE(4): Host Unreachable
414 REPLY_CONN_REFUSED(5): Connection Refused
415 REPLY_TTL_EXPIRED(6): TTL Expired
416 REPLY_CMD_NOT_SUPPORTED(7): Command Not Supported
417 REPLY_ADDR_NOT_SUPPORTED(8): Address Not Supported
418
419 HOST and PORT are the resulting host and port (where server socket
420 responsible for this command bound).
421
422 Note: for 5 version "command_reply" will try to resolve passed address
423 if "SocksResolve" has true value and passed address is domain name. To
424 avoid this just pass ip address ("$socket->sockhost") instead of host
425 name or turn off "SocksResolve" for this server. For version 4 passed
426 host name will always be resolved to ip address even if "SocksResolve"
427 has false value. Because this version doesn't support "ADDRESS" as
428 domain name.
429
431 $SOCKS_ERROR
432 This scalar behaves like $! in that if undef is returned. $SOCKS_ERROR
433 is IO::Socket::Socks::Error object with some overloaded operators. In
434 string context this variable should contain a string reason for the
435 error. In numeric context it contains error code.
436
437 $SOCKS4_RESOLVE
438 If this variable has true value resolving of host names will be done by
439 proxy server, otherwise resolving will be done locally. Resolving host
440 by socks proxy version 4 is extension to the protocol also known as
441 socks4a. So, only socks4a proxy supports resolving of hostnames.
442 Default value of this variable is false. This variable is not
443 importable. See also `SocksResolve' parameter in the constructor.
444
445 $SOCKS5_RESOLVE
446 If this variable has true value resolving of host names will be done by
447 proxy server, otherwise resolving will be done locally. Note: some
448 bugous socks5 servers doesn't support resolving of host names. Default
449 value is true. This variable is not importable. See also
450 `SocksResolve' parameter in the constructor.
451
452 $SOCKS_DEBUG
453 Default value is $ENV{SOCKS_DEBUG}. If this variable has true value and
454 no SocksDebug option in the constructor specified, then SocksDebug will
455 has true value. This variable is not importable.
456
457 $SOCKET_CLASS
458 With this variable you can get/set base socket class for
459 "IO::Socket::Socks". By default it tries to use "IO::Socket::IP" 0.36+
460 as socket class. And falls back to "IO::Socket::INET" if not available.
461 You can set $IO::Socket::Socks::SOCKET_CLASS before loading of
462 "IO::Socket::Socks" and then it will not try to detect proper base
463 class itself. You can also set it after loading of "IO::Socket::Socks"
464 and this will automatically update @ISA, so you shouldn't worry about
465 inheritance.
466
468 The following constants could be imported manually or using
469 `:constants' tag:
470
471 SOCKS5_VER
472 SOCKS4_VER
473 ADDR_IPV4
474 ADDR_DOMAINNAME
475 ADDR_IPV6
476 CMD_CONNECT
477 CMD_BIND
478 CMD_UDPASSOC
479 AUTHMECH_ANON
480 AUTHMECH_USERPASS
481 AUTHMECH_INVALID
482 AUTHREPLY_SUCCESS
483 AUTHREPLY_FAILURE
484 ISS_UNKNOWN_ADDRESS # address type sent by client/server not supported by I::S::S
485 ISS_BAD_VERSION # socks version sent by client/server != specified version
486 ISS_CANT_RESOLVE # I::S::S failed to resolve some host
487 REPLY_SUCCESS
488 REPLY_GENERAL_FAILURE
489 REPLY_CONN_NOT_ALLOWED
490 REPLY_NETWORK_UNREACHABLE
491 REPLY_HOST_UNREACHABLE
492 REPLY_CONN_REFUSED
493 REPLY_TTL_EXPIRED
494 REPLY_CMD_NOT_SUPPORTED
495 REPLY_ADDR_NOT_SUPPORTED
496 REQUEST_GRANTED
497 REQUEST_FAILED
498 REQUEST_REJECTED_IDENTD
499 REQUEST_REJECTED_USERID
500 SOCKS_WANT_READ
501 SOCKS_WANT_WRITE
502 ESOCKSPROTO
503
504 SOCKS_WANT_READ, SOCKS_WANT_WRITE and ESOCKSPROTO are imported by
505 default.
506
508 Since version 0.66 "IO::Socket::Socks" supports IPv6 with help of
509 IO::Socket::IP 0.36+. And will use "IO::Socket::IP" as base class if
510 available. However you can force set "$SOCKET_CLASS =
511 "IO::Socket::INET"" to use IPv4 only. See also "$SOCKET_CLASS"
512
514 How to determine is connection to socks server (client accept) failed
515 or some protocol error occurred?
516 You can check $! variable. If $! == ESOCKSPROTO constant, then it
517 was error in the protocol. Error description could be found in
518 $SOCKS_ERROR.
519
520 How to determine which error in the protocol occurred?
521 You should compare $SOCKS_ERROR with constants below:
522
523 AUTHMECH_INVALID
524 AUTHREPLY_FAILURE
525 ISS_UNKNOWN_ADDRESS
526 ISS_BAD_VERSION
527 REPLY_GENERAL_FAILURE
528 REPLY_CONN_NOT_ALLOWED
529 REPLY_NETWORK_UNREACHABLE
530 REPLY_HOST_UNREACHABLE
531 REPLY_CONN_REFUSED
532 REPLY_TTL_EXPIRED
533 REPLY_CMD_NOT_SUPPORTED
534 REPLY_ADDR_NOT_SUPPORTED
535 REQUEST_FAILED
536 REQUEST_REJECTED_IDENTD
537 REQUEST_REJECTED_USERID
538
540 The following options are not implemented:
541
542 GSSAPI authentication
543 UDP server side support
544
545 Patches are welcome.
546
548 IO::Socket::Socks::Wrapper
549
551 Original author is Ryan Eatmon
552
553 Now maintained by Oleg G <oleg@cpan.org>
554
556 This module is free software, you can redistribute it and/or modify it
557 under the terms of LGPL.
558
559
560
561perl v5.28.1 2017-05-04 IO::Socket::Socks(3)