niklata / muonsocks Goto Github PK

It would be extremely helpful if muonproxy stored counters for the amount of data (bytes) transfered from and to every client IP, and provided a way to request this data from the server at runtime.

Some ways to implement this that I can think of are:
a) signal handler - output the counters into a specified file or file descriptor upon receiving a specific signal (like SIGUSR1)
b) dedicated "admin" UNIX or UDP socket that accepts commands and returns data

Right now it is possible to specify multiple listen addresses by providing multiple -i options, but all of the client threads will reuse the same bind address for outgoing address (provided by -b option).

In a situation where a proxy server has multiple network interfaces, it would be nice to be able to specify multiple outgoing addresses so that a user connecting to a specific -i address could have his outgoing connections routed through a specific outgoing -b address.

This could be acheived with something as simple as specifying multiple -i and -b options on the command line, with outgoing addresses being assigned to the listen addresses in order in which they are specified, so that in this example:

./muonsocks -i 192.168.1.1 -i 10.0.0.1 -b 192.168.1.2 -b 10.0.0.10 -p 1080

connections made to 192.168.1.1:1080 use 192.168.1.2 for their outgoing connections, and connections made to 10.0.0.1 use 10.0.0.10

Currently a client connecting to muonproxy running on a remote server can perform connections to ports bound to 127.0.0.x addresses on that server, for example:

curl -x socks4://remote.host:1080 http://127.0.0.1:9999/

will send an HTTP request to the service listening on 127.0.0.1:9999 on remote.host that would not otherwise be accessible.

This could potentially be surprising for the server operator, and/or a security issue.

It would be nice to be able to define a list of ranges of addresses that should not be accessible via the proxy service, possibly with 127.* addresses being on that list by default.