README
¶
Mixnet over CloudProxy
A mixnet router facilitates anonymous communications among a set of peers. Alice wants to send Msg to Bob; she encrypts, authenticates, and sends the message (Msg, Bob) to Molly, a mixnet router. Molly waits until she has n-1 more messages from n-1 other peers, then transmits the messages to their respective destinations simultaneously, thus anonymizing Alice among a set of n peers. Such a service is only useful if Molly can be trusted to not divulge the link (Alice, Bob). This document specifies a simple mixnet built on the CloudProxy platform that reduces this trust to the knowledge of a public key and trust in the owner of that key.
Security goals and threat model
There are three principals in our protocol: the sender, recipient, and the policy owner. Our goal is to design a protocol that provides anonymity for senders without requiring the recipient to execute the protocol. The policy owner controls the root policy private key that is used to attest to the instantiation of mixnet routers using the CloudProxy platform. CloudProxy exposes the code to the users, as well as the operating system in which it is running. To instantiate a mixnet router, a TPM coupled with the hardware platform generates a public key, which is attested to by the policy owner by signing it with the private policy key. When the machine boots, the OS is measured and generates a private/public key pair, which is attested to by the TPM; finally, the mixnet code itself is measured and generates a private/public key pair, which is attested to by the OS. Hence, trust in the mixnet routers to faithfully carry out the protocol is reduced to correct provisioning of the policy key.
We consider a global passive adversary who observes all communications between senders and mixnet routers, mixnet routers and other mixnet routers, and mixnet routers and recipients. The adversary may also send messages on channels it observes. Since the service is anonymous, the adversary is allowed to control any number of senders or recipients. The effect is that the state of that peer is exposed, including any and all cryptographic keys. We assume that the policy key was correctly provisioned; if the code implements the protocol correctly and is properly isolated during its execution, we claim this precludes the possibility of exposing a router’s state. (This is a strong claim offered here without proof. CloudProxy provides assurance that the expected program is running; assuming the code does not contain any bugs that allow it to be comprimised, a formal treatment of our protocol should reduce the adversary's control of the routers to standard cryptographic assumptions: in particular, CDH on elliptic curves, as well as the integrity and confidentiality of the cipher suite underyling TLS.)
The intended property of communications over the mixnet is unlinkability in the sense of [1]. Consider a set of senders S where |S| = n and a set of recipients T. Each sender chooses one recipient as well as a message to send so that M : S → T is an onto mapping. The messages are transmitted to their respective recipients over the mixnet; the adversary succeeds if it outputs (s, t) such that M(s) = t, unless it controls both s and t. We say that communication over the mixnet is unlinkable if for any adversary the probability of success is less than 1/n plus some negligible value.
Alternative definition: as above, except the adversary chooses the messages to be sent. This change may make it easier to analyze the unlinkability of a particular protocol. However, this would require the recipients to participate in the protocol, since messages exiting the mixnet must be encrypted.
For a protocol to achieve security in this sense, the messages must all have the same length; of course, this is not always reasonable in practice. Mixnets address this by splitting messages into fixed-length cells. Senders split messages into cells (zero-padding the last cell as needed) and send them to the first router where they are added to a queue. At each round the router waits until there are m cells in the queue from m distinct senders and transmits these simultaneously to achieve anonymity.
Extending the definition of unlinkability to a mixnet that divides messages into cells and transmits at rounds is challenging: the presence of variable-length messages exposes traffic patterns to the adversary. One way to mitigate this problem is to zero-pad all messages to the length of the longest message. This achieves a property called unobservability [1] which is too expensive for our purposes.
Another appraoch is to weaken the security model to one in which the adversary may only observe a fraction of the network at any one time; relaying messages over circuits of routers may make it more difficult to perform traffic analysis. This is the case for the design of the Tor onion-routing protocol [2]. We will consider extending our protocol to a network of routers to achieve security in this model. This approach may have the added benifit of reducing latency of messages traversing the mixnet.
Design Overview
Our mixnet design consists of two major component, router and proxy, and one
administrative component, directory. A router (mixnet_router), or a mix,
shuffles and routes users' messages, and a proxy (mixnet_proxy) accepts any
TCP connections via a SOCKS5 proxy from a user and relays the packets through
the mixnet. A directory (mixnet_directory) acts as a synchronization point,
and manages a list of available routers in the mixnet currently for other
routers and proxies to use.
At a high level, our design is, at least at the moment, an asynchronous free-flow mixnet. Unlike cascade-mixnets, a free-flow mixnet allows different messages to be routed through different paths through the network of mixes. It is also asynchronous in the sense that each mix makes their own routing decisions without coordinating with rest of the mixes in the network.
A typical messaging session for two end-to-end users, Alice and Bob, works as follows.
-
Proxy accepts a connection from Alice, and receives a message to send to Bob.
-
Proxy picks an entry mix. It then establishes a one-way authenticated TLS connection with the entry (the mix attests that it is running CloudProxy), and requests to establish a circuit to Bob. A circuit is a path of mixes in the network the messages for this particular end-to-end connection will be routed through.
-
The entry mix selects random mixes to form a circuit. It establishes a two-way authenticated TLS connection to the next mix in the circuit, and it relays the circuit creation request to the next hop. The next mix does the same until the circuit reaches the exit mix.
-
Once the circuit is established, the proxy sends the message over to the entry mix. Every packet exchanged between a mix and a proxy, called a cell, is of fixed length. If the message is shorter than a cell, then the message is padded to the fixed length. If the message is longer, then it is broken down into multiple cells.
-
Once enough cells from different proxies are available at the entry mix, it permutes the cells, and sends the cells to the next mix in the circuit. Similarly, the intermediate mixes in circuits wait for enough cells from different circuits, and permute the cells, and send the cells to the next hops. The exit mix reconstructs the message from cells, and send the message to Bob.
-
Bob can respond to the message, and the message will traverse the mixnet using the same circuit in reverse.
Note that in step 3, the entry mix picks the circuit through the network, not Bob. This is because the entry mix, which is CloudProxy authenticated, is assumed to be secure, and disabling malicious users (who are not authenticated) from selecting the path will likely enable better security.
The design also made several design decisions that trades-off security and performance. For instance, it may result in less latency to allow a mix in step 5 to treat connections from proxies and other routers the same way, and thus requires less connections from proxies. This, however, could reduce the anonymity set size of the proxies. Such design choices may change as we analyze the security of the system further.
Code Overview
Some of the important files are
queue.go: Implements the batching and mixing functionality for cells.router.goHandles connections from/to proxies, routers, and end points. Uses a queue fromqueue.goto maintain 3 different queues for (1) cells sent from proxies, (2) cells sent to proxies, and (3) cells to/from other routers. This is required to be run in CloudProxy environment.socks5.go: Implements a simple SOCKS5 proxy that proxy uses to listen to end users.proxy.go: Uses socks5 to receive messages from end-users, breaks the messages into cells, and handles communication with the entry mix.conn.go,listener.go,circuit.go: Used to manage different network connections and circuits.mixnet.proto: Specifies the directives (e.g., creating/destroying circuits) used by proxies and routers.
Parameters
There are server system wide parameters that impact the security and performance of the system.
-
Batch size (
batchsize): This determines how many cells from different circuits or proxies a router needs to collect before mixing and sending them to the next hop in the circuit. -
Hop length: Currently, the default number of hops in the circuit is set to 3. Longer circuits will likely provide better anonymity, at the cost of increased latency, and vice-versa. The hop count also need not be fixed for all circuits, but we assume it is for simpler design and analysis.
-
Cell size: Each cell is fixed at 1024B currently. This should be at most 65KB, the maximum packet length for TCP.
Tests
mixnet_test.go and other test files contain unit tests and integration tests
that can be run natively in Go. The largest integration test uses 20 proxies,
6 routers, and there are four paths through the routers used by 20 proxies.
The messages are then echoed back to the proxies by a simple server at the
end of the circuit.
The scripts in scripts runs a full Tao test (currently with soft-tao). It
implements essentially the same integration test as the one in mixnet_test.go,
except it runs it with real Tao (though SoftTao at the moment). The script
assumes that CloudProxy is installed already. Please take a look at the README
in the scripts directory for instructions to run the scripts.
References
[1] Andreas Pfitzman, 2010. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management. https://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf
[2] Tor specification. https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf
[3] SOCKS Protocol Version 5. http://tools.ietf.org/html/rfc1928
Documentation
¶
Overview ¶
Package mixnet is a generated protocol buffer package.
It is generated from these files:
mixnet.proto
It has these top-level messages:
Directive DirectoryMessage
Index ¶
- Constants
- Variables
- func GetDirectory(c net.Conn) ([]string, [][]byte, error)
- func Listen(network, laddr string, config *tls.Config, g tao.Guard, v *tao.Verifier, ...) (net.Listener, error)
- func RegisterRouter(c net.Conn, addrs []string, keys [][]byte) error
- func SocksListen(network, addr string) (net.Listener, error)
- type Circuit
- func (c *Circuit) BufferCell(cell []byte, err error)
- func (c *Circuit) Close() error
- func (c *Circuit) Decrypt(boxed []byte) ([]byte, bool)
- func (c *Circuit) Encrypt(msg []byte) []byte
- func (c *Circuit) Read(msg []byte) (int, error)
- func (c *Circuit) ReceiveDirective(d *Directive) error
- func (c *Circuit) ReceiveMessage() ([]byte, error)
- func (c *Circuit) SendDirective(d *Directive) (int, error)
- func (c *Circuit) SendMessage(msg []byte) error
- func (c *Circuit) SetKeys(peerKey, publicKey, privateKey *[32]byte)
- func (c *Circuit) Write(msg []byte) (int, error)
- type Conn
- func (c *Conn) AddCircuit(circuit *Circuit)
- func (c *Conn) DeleteCircuit(circuit *Circuit) bool
- func (c *Conn) Empty() bool
- func (c *Conn) GetCircuit(id uint64) *Circuit
- func (c *Conn) Member(id uint64) bool
- func (c *Conn) Read(msg []byte) (n int, err error)
- func (c *Conn) Write(msg []byte) (n int, err error)
- type Directive
- func (*Directive) Descriptor() ([]byte, []int)
- func (m *Directive) GetAddrs() []string
- func (m *Directive) GetError() string
- func (m *Directive) GetKey() []byte
- func (m *Directive) GetType() DirectiveType
- func (*Directive) ProtoMessage()
- func (m *Directive) Reset()
- func (m *Directive) String() string
- type DirectiveType
- type DirectoryContext
- type DirectoryMessage
- func (*DirectoryMessage) Descriptor() ([]byte, []int)
- func (m *DirectoryMessage) GetAddrs() []string
- func (m *DirectoryMessage) GetError() string
- func (m *DirectoryMessage) GetKeys() [][]byte
- func (m *DirectoryMessage) GetType() DirectoryMessageType
- func (*DirectoryMessage) ProtoMessage()
- func (m *DirectoryMessage) Reset()
- func (m *DirectoryMessage) String() string
- type DirectoryMessageType
- type ProxyContext
- func (p *ProxyContext) Accept() (net.Conn, error)
- func (p *ProxyContext) Close()
- func (p *ProxyContext) CreateCircuit(path []string, dest string) (*Circuit, uint64, error)
- func (p *ProxyContext) DestroyCircuit(id uint64) error
- func (p *ProxyContext) DialRouter(network, addr string) (*Conn, error)
- func (p *ProxyContext) GetDirectory(dirAddr string) ([]string, [][]byte, error)
- func (p *ProxyContext) HandleClient(id uint64) error
- func (p *ProxyContext) ServeClient(c net.Conn, path []string, dest string) error
- type Queue
- func (sq *Queue) Close(id uint64, msg []byte, destroy bool, conn, errConn net.Conn)
- func (sq *Queue) DoQueue(kill <-chan bool)
- func (sq *Queue) DoQueueErrorHandler(queue *Queue, kill <-chan bool)
- func (sq *Queue) Enqueue(q *Queueable)
- func (sq *Queue) EnqueueMsg(id uint64, msg []byte, conn, errConn net.Conn)
- type Queueable
- type RouterContext
- func (r *RouterContext) Accept() (*Conn, error)
- func (r *RouterContext) Close()
- func (r *RouterContext) DeleteRouter()
- func (r *RouterContext) DialRouter(network, addr string) (*Conn, error)
- func (r *RouterContext) GetDirectory(dirAddr string) ([]string, [][]byte, error)
- func (r *RouterContext) HandleErr()
- func (r *RouterContext) Register(dirAddr string) error
- func (r *RouterContext) SendError(queue *Queue, queueId, id uint64, err error, c *Conn) error
- type SocksConn
- type SocksListener
Constants ¶
const ( // CellBytes specifies the length of a cell. CellBytes = 1 << 10 // MaxMsgBytes specifies the maximum length of a message. MaxMsgBytes = 1 << 16 )
const ( // Update directory every x amount of time DefaultUpdateFrequency = 3600 * time.Second DefaultHopCount = 2 DefaultTimeout = 10 * time.Second )
const ( ID_SIZE = 8 LEN_SIZE = 8 BODY_SIZE = CellBytes - BODY - box.Overhead - 24 )
const ( ID = 0 TYPE = ID + ID_SIZE BODY = 9 )
const ( SocksVersion = 0x05 SocksMethodNoAuth = 0x00 SocksNoAcceptableMethod = 0xff SocksCmdConnect = 0x01 SocksAtypIPv4 = 0x01 SocksRepSuccess = 0x00 SocksRepFailure = 0x01 SocksRepUnsupported = 0x07 )
Codes used in the RFC standard of SOCKS version 5.
Variables ¶
var DirectiveType_name = map[int32]string{
0: "ERROR",
1: "CREATE",
2: "CREATED",
3: "DESTROY",
4: "DESTROYED",
}
var DirectiveType_value = map[string]int32{
"ERROR": 0,
"CREATE": 1,
"CREATED": 2,
"DESTROY": 3,
"DESTROYED": 4,
}
var DirectoryMessageType_name = map[int32]string{
0: "REGISTER",
1: "DELETE",
2: "LIST",
3: "DIRECTORY",
4: "DIRERROR",
}
var DirectoryMessageType_value = map[string]int32{
"REGISTER": 0,
"DELETE": 1,
"LIST": 2,
"DIRECTORY": 3,
"DIRERROR": 4,
}
Functions ¶
Types ¶
type Circuit ¶
type Circuit struct {
// contains filtered or unexported fields
}
A circuit carries cells
func NewCircuit ¶
A circuit now encrypts for the exit circuit. The key is assumed to be available through "peerKey", and publicKey and privateKey are the keys are local keys used to perform diffiehellman with peerKey. The keys are optional.
func (*Circuit) BufferCell ¶
func (*Circuit) ReceiveDirective ¶
ReceiveDirective awaits a reply from the peer and returns the directive received, e.g. in response to RouterContext.HandleProxy(). If the directive type is ERROR, return an error.
func (*Circuit) ReceiveMessage ¶
ReceiveMessage reads message cells from the router and assembles them into a messsage.
func (*Circuit) SendDirective ¶
SendDirective serializes and pads a directive to the length of a cell and sends it to the peer. A directive is signaled to the receiver by the first byte of the cell. The next few bytes encode the length of of the serialized protocol buffer. If the buffer doesn't fit in a cell, then throw an error.
func (*Circuit) SendMessage ¶
SendMessage divides a message into cells and sends each cell over the network connection. A message is signaled to the receiver by the first byte of the first cell. The next few bytes encode the total number of bytes in the message.
type Conn ¶
Conn implements the net.Conn interface. The read and write operations are overloaded to check that only cells are sent between entities in the mixnet protocol.
func (*Conn) AddCircuit ¶
func (*Conn) DeleteCircuit ¶
func (*Conn) GetCircuit ¶
type Directive ¶
type Directive struct {
Type *DirectiveType `protobuf:"varint,1,req,name=type,enum=mixnet.DirectiveType" json:"type,omitempty"`
// CREATE, a sequence of addresses (e.g. "192.168.1.1:7007")
// comprising the circuit to be constructed over the mixnet. Each address
// corresponds to a mixnet router except the last, which is the service the
// proxy would like to contact.
Addrs []string `protobuf:"bytes,2,rep,name=addrs" json:"addrs,omitempty"`
Key []byte `protobuf:"bytes,3,opt,name=key" json:"key,omitempty"`
// ERROR or FATAL, an error message.
Error *string `protobuf:"bytes,4,opt,name=error" json:"error,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (*Directive) Descriptor ¶
func (*Directive) GetType ¶
func (m *Directive) GetType() DirectiveType
func (*Directive) ProtoMessage ¶
func (*Directive) ProtoMessage()
type DirectiveType ¶
type DirectiveType int32
const ( DirectiveType_ERROR DirectiveType = 0 DirectiveType_CREATE DirectiveType = 1 DirectiveType_CREATED DirectiveType = 2 DirectiveType_DESTROY DirectiveType = 3 DirectiveType_DESTROYED DirectiveType = 4 )
func (DirectiveType) Enum ¶
func (x DirectiveType) Enum() *DirectiveType
func (DirectiveType) EnumDescriptor ¶
func (DirectiveType) EnumDescriptor() ([]byte, []int)
func (DirectiveType) String ¶
func (x DirectiveType) String() string
func (*DirectiveType) UnmarshalJSON ¶
func (x *DirectiveType) UnmarshalJSON(data []byte) error
type DirectoryContext ¶
type DirectoryContext struct {
// contains filtered or unexported fields
}
func NewDirectoryContext ¶
func (*DirectoryContext) Close ¶
func (dc *DirectoryContext) Close()
type DirectoryMessage ¶
type DirectoryMessage struct {
Type *DirectoryMessageType `protobuf:"varint,1,req,name=type,enum=mixnet.DirectoryMessageType" json:"type,omitempty"`
// Addresses to register to or delete from the directory,
// or list of all available mixnets
Addrs []string `protobuf:"bytes,2,rep,name=addrs" json:"addrs,omitempty"`
Keys [][]byte `protobuf:"bytes,3,rep,name=keys" json:"keys,omitempty"`
// Possible error message
Error *string `protobuf:"bytes,4,opt,name=error" json:"error,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (*DirectoryMessage) Descriptor ¶
func (*DirectoryMessage) Descriptor() ([]byte, []int)
func (*DirectoryMessage) GetAddrs ¶
func (m *DirectoryMessage) GetAddrs() []string
func (*DirectoryMessage) GetError ¶
func (m *DirectoryMessage) GetError() string
func (*DirectoryMessage) GetKeys ¶
func (m *DirectoryMessage) GetKeys() [][]byte
func (*DirectoryMessage) GetType ¶
func (m *DirectoryMessage) GetType() DirectoryMessageType
func (*DirectoryMessage) ProtoMessage ¶
func (*DirectoryMessage) ProtoMessage()
func (*DirectoryMessage) Reset ¶
func (m *DirectoryMessage) Reset()
func (*DirectoryMessage) String ¶
func (m *DirectoryMessage) String() string
type DirectoryMessageType ¶
type DirectoryMessageType int32
const ( DirectoryMessageType_REGISTER DirectoryMessageType = 0 DirectoryMessageType_DELETE DirectoryMessageType = 1 DirectoryMessageType_LIST DirectoryMessageType = 2 DirectoryMessageType_DIRECTORY DirectoryMessageType = 3 DirectoryMessageType_DIRERROR DirectoryMessageType = 4 )
func (DirectoryMessageType) Enum ¶
func (x DirectoryMessageType) Enum() *DirectoryMessageType
func (DirectoryMessageType) EnumDescriptor ¶
func (DirectoryMessageType) EnumDescriptor() ([]byte, []int)
func (DirectoryMessageType) String ¶
func (x DirectoryMessageType) String() string
func (*DirectoryMessageType) UnmarshalJSON ¶
func (x *DirectoryMessageType) UnmarshalJSON(data []byte) error
type ProxyContext ¶
type ProxyContext struct {
// contains filtered or unexported fields
}
ProxyContext stores the runtime environment for a mixnet proxy. A mixnet proxy connects to a mixnet router on behalf of a client's application.
func NewProxyContext ¶
func NewProxyContext(path, network, addr string, directories []string, hopCount int, timeout time.Duration) (*ProxyContext, error)
NewProxyContext loads a domain from a local configuration.
func (*ProxyContext) Accept ¶
func (p *ProxyContext) Accept() (net.Conn, error)
Accept waits for clients running the SOCKS5 protocol.
func (*ProxyContext) CreateCircuit ¶
CreateCircuit connects anonymously to a remote Tao-delegated mixnet router specified by path[0]. It directs the router to construct a circuit to dest. The user either provides just the exit, or the whole path
func (*ProxyContext) DestroyCircuit ¶
func (p *ProxyContext) DestroyCircuit(id uint64) error
DestroyCircuit directs the router to close the connection to the destination and destroy the circuit then closes the connection.
func (*ProxyContext) DialRouter ¶
func (p *ProxyContext) DialRouter(network, addr string) (*Conn, error)
DialRouter connects anonymously to a remote Tao-delegated mixnet router.
func (*ProxyContext) GetDirectory ¶
func (p *ProxyContext) GetDirectory(dirAddr string) ([]string, [][]byte, error)
Read the directory from a directory server TODO(kwonalbert): This is more or less a duplicate of the router get dir.. Combine them..
func (*ProxyContext) HandleClient ¶
func (p *ProxyContext) HandleClient(id uint64) error
HandleClient relays a message read from client connection c to mixnet connection d and relay reply.
func (*ProxyContext) ServeClient ¶
ServeClient creates a circuit over the mixnet and relays messages to a destination (specified by addrs[len(addrs)-1]) on behalf of the client. Read a message from the client, send it over the mixnet, wait for a reply, and forward it the client. Once an EOF is encountered (or some other error occurs), destroy the circuit.
type Queue ¶
type Queue struct {
// contains filtered or unexported fields
}
The Queue structure maps a circuit identifier corresponding to a sender (in the router context) to a destination. It also maintains a message buffer for each sender. Once messages are ready on enough buffers, a batch of messages are transmitted simultaneously.
func (*Queue) Close ¶
Close creates a queueable object that sends the last msg in the circuit, closes the connection and deletes all associated resources.
func (*Queue) DoQueue ¶
DoQueue adds messages to a queue and transmits messages in batches. It also provides an interface for receiving messages from a server. Typically a message is a cell, but when the calling router is an exit point, the message length is arbitrary. A batch is transmitted when there are messages on batchSize distinct sender channels.
func (*Queue) DoQueueErrorHandler ¶
DoQueueErrorHandler handles errors produced by DoQueue by enqueing onto queue a directive containing the error message.
type Queueable ¶
type Queueable struct {
// contains filtered or unexported fields
}
The Queueable object is passed through a channel and mutates the state of the Queue in some manner; for example, it can set the destination adddress or connection of a sender, add a message or request for reply to the queue, or destroy any resources associated with the connection.
type RouterContext ¶
type RouterContext struct {
// contains filtered or unexported fields
}
RouterContext stores the runtime environment for a Tao-delegated router.
func NewRouterContext ¶
func NewRouterContext(path, network, addr string, timeout time.Duration, directories []string, batchSize int, x509Identity *pkix.Name, t tao.Tao) (r *RouterContext, err error)
NewRouterContext generates new keys, loads a local domain configuration from path and binds an anonymous listener socket to addr using network protocol. It also creates a regular listener socket for other routers to connect to. A delegation is requested from the Tao t which is nominally the parent of this hosted program.
func (*RouterContext) Accept ¶
func (r *RouterContext) Accept() (*Conn, error)
AcceptRouter Waits for connectons from other routers.
func (*RouterContext) Close ¶
func (r *RouterContext) Close()
Close releases any resources held by the hosted program.
func (*RouterContext) DeleteRouter ¶
func (r *RouterContext) DeleteRouter()
func (*RouterContext) DialRouter ¶
func (r *RouterContext) DialRouter(network, addr string) (*Conn, error)
DialRouter connects to a remote Tao-delegated mixnet router.
func (*RouterContext) GetDirectory ¶
func (r *RouterContext) GetDirectory(dirAddr string) ([]string, [][]byte, error)
Read the directory from a directory server
func (*RouterContext) HandleErr ¶
func (r *RouterContext) HandleErr()
Handle errors internal to the router When instantiating a real router (not for testing), one start this function as well to handle the errors
func (*RouterContext) Register ¶
func (r *RouterContext) Register(dirAddr string) error
Register the current router to a directory server
type SocksConn ¶
SocksConn implements the net.Conn interface and contains a destination network and address for the proxy.
func (*SocksConn) DestinationAddr ¶
DestinationAddr returns the destination address negotiated in the SOCKS protocol.
type SocksListener ¶
SocksListener implements the net.Listener interface as a SOCKS server. This program partially implements the server role in version 5 of the SOCKS protocol specified in RFC 1928. In particular, it only supports TCP clients with no authentication who request CONNECT to IPv4 addresses; neither BIND nor UDP ASSOCIATE are supported.
Source Files
Directories