{"id":13613287,"url":"https://github.com/heiher/hev-socks5-tproxy","last_synced_at":"2025-10-19T13:02:36.394Z","repository":{"id":21650796,"uuid":"24971555","full_name":"heiher/hev-socks5-tproxy","owner":"heiher","description":"A socks5 transparent proxy (IPv4/IPv6/TCP/UDP)","archived":false,"fork":false,"pushed_at":"2025-03-22T03:39:40.000Z","size":316,"stargazers_count":460,"open_issues_count":0,"forks_count":67,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-04-01T10:06:40.423Z","etag":null,"topics":["docker","iptables","linux","nftables","socks5-proxy","tcp","tproxy","transparent-proxy","udp"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/heiher.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"License","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-10-09T03:08:55.000Z","updated_at":"2025-03-31T22:51:01.000Z","dependencies_parsed_at":"2023-09-28T17:52:54.017Z","dependency_job_id":"54f15757-00fb-45cd-b402-f83c2b9295c5","html_url":"https://github.com/heiher/hev-socks5-tproxy","commit_stats":null,"previous_names":[],"tags_count":69,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiher%2Fhev-socks5-tproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiher%2Fhev-socks5-tproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiher%2Fhev-socks5-tproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiher%2Fhev-socks5-tproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/heiher","download_url":"https://codeload.github.com/heiher/hev-socks5-tproxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247829490,"owners_count":21002995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","iptables","linux","nftables","socks5-proxy","tcp","tproxy","transparent-proxy","udp"],"created_at":"2024-08-01T20:00:43.438Z","updated_at":"2025-10-19T13:02:31.143Z","avatar_url":"https://github.com/heiher.png","language":"C","funding_links":[],"categories":["\u003ca id=\"d03d494700077f6a65092985c06bf8e8\"\u003e\u003c/a\u003e工具","C"],"sub_categories":["\u003ca id=\"57b8e953d394bbed52df2a6976d98dfa\"\u003e\u003c/a\u003eSocks"],"readme":"# HevSocks5TProxy\n\n[![status](https://github.com/heiher/hev-socks5-tproxy/actions/workflows/build.yaml/badge.svg?branch=master\u0026event=push)](https://github.com/heiher/hev-socks5-tproxy)\n\nHevSocks5TProxy is a simple, lightweight transparent proxy for Linux.\n\n**Features**\n* IPv4/IPv6. (dual stack)\n* Redirect TCP connections.\n* Redirect UDP packets. (Fullcone NAT, UDP in UDP/TCP)\n\n```\n +---------------+ +---------------+\n | Socks5 Server | | Upstream DNS |\n +---------------+ +---------------+\n ^ ^\n | |\n +----------+----------+\n uplink | (eth1)\n +-------------------o\u003c-----------------+ (direct dns)\n | ^ |\n | socks5 | |\nset ether daddr | dns +---------------+ |\nrule routing |?---------\u003e| Socks5 TProxy |\u003c---------+ (proxy dns)\nipset/tproxy | tcp/udp +---------------+ tproxy |\n | | dns |\n | v |\n | +---------------+ dns |\n | | DNSMasq |----------+\n [nat/bridge] | +---------------+\n |\n +-------------------o\n downlink | (eth0)\n v\n +---------------+\n | LAN Host |\n +---------------+\n```\n\n## How to Build\n\n### Linux\n\n```bash\ngit clone --recursive https://github.com/heiher/hev-socks5-tproxy\ncd hev-socks5-tproxy\nmake\n```\n\n### Android\n\n```bash\nmkdir hev-socks5-tproxy\ncd hev-socks5-tproxy\ngit clone --recursive https://github.com/heiher/hev-socks5-tproxy jni\ncd jni\nndk-build\n```\n\n## How to Use\n\n### Config\n\n```yaml\nmain:\n workers: 1\n\nsocks5:\n port: 1080\n address: 127.0.0.1\n # Socks5 UDP relay mode (tcp|udp)\n udp: 'udp'\n # Socks5 handshake using pipeline mode\n# pipeline: false\n # Socks5 server username\n username: 'username'\n # Socks5 server password\n password: 'password'\n # Socket mark\n mark: 0x438\n\ntcp:\n port: 1088\n address: '::'\n\nudp:\n port: 1088\n address: '::'\n\n# Proxy DNS for bridged mode\n# [address]:port \u003c-\u003e [upstream]:53 (dnsmasq)\ndns:\n # DNS port\n port: 1053\n # DNS address\n address: '::'\n # DNS upstream\n upstream: 127.0.0.1\n\n#misc:\n# task-stack-size: 16384 # task stack size (bytes)\n# connect-timeout: 5000 # connect timeout (ms)\n# read-write-timeout: 60000 # read-write timeout (ms)\n# log-file: stderr # stdout or file-path\n# log-level: warn # debug, info or error\n# pid-file: /run/hev-socks5-tproxy.pid\n# limit-nofile: 65535\n```\n\n### Run\n\n```bash\n# Capabilities\nsetcap cap_net_admin,cap_net_bind_service+ep bin/hev-socks5-tproxy\n\nbin/hev-socks5-tproxy conf/main.yml\n```\n\n### Redirect rules\n\n#### Type 1: NfTables\n\n##### Netfilter\n\n```\ntable inet mangle {\n set byp4 {\n typeof ip daddr\n flags interval\n elements = {\n 0.0.0.0/8,\n 10.0.0.0/8,\n 100.64.0.0/10,\n 127.0.0.0/8,\n 169.254.0.0/16,\n 172.16.0.0/12,\n 192.0.0.0/24,\n 192.0.2.0/24,\n 192.88.99.0/24,\n 192.168.0.0/16,\n 198.18.0.0/15,\n 198.51.100.0/24,\n 203.0.113.0/24,\n 224.0.0.0/4,\n 240.0.0.0/4\n }\n }\n\n set byp6 {\n typeof ip6 daddr\n flags interval\n elements = {\n ::/128,\n ::1/128,\n ::ffff:0:0:0/96,\n 64:ff9b::/96,\n 100::/64,\n 2001::/32,\n 2001:20::/28,\n 2001:db8::/32,\n 2002::/16,\n fc00::/7,\n fe80::/10,\n ff00::/8\n }\n }\n\n chain prerouting {\n type filter hook prerouting priority mangle; policy accept;\n meta mark 0x438 return\n ip daddr @byp4 return\n ip6 daddr @byp6 return\n meta l4proto { tcp, udp } tproxy to :1088 meta mark set 0x440 accept\n }\n\n # Only for local mode\n chain output {\n type route hook output priority mangle; policy accept;\n meta mark 0x438 return\n ip daddr @byp4 return\n ip6 daddr @byp6 return\n meta l4proto { tcp, udp } meta mark set 0x440\n }\n}\n```\n\n##### Routing\n\n```bash\nip rule add fwmark 1088 table 100\nip route add local default dev lo table 100\n\nip -6 rule add fwmark 1088 table 100\nip -6 route add local default dev lo table 100\n```\n\n#### Type 2: IPTables\n\n##### Bypass ipset\n\n```bash\n# IPv4\nipset create byp4 hash:net family inet hashsize 2048 maxelem 65536\nipset add byp4 0.0.0.0/8\nipset add byp4 10.0.0.0/8\nipset add byp4 100.64.0.0/10\nipset add byp4 127.0.0.0/8\nipset add byp4 169.254.0.0/16\nipset add byp4 172.16.0.0/12\nipset add byp4 192.0.0.0/24\nipset add byp4 192.0.2.0/24\nipset add byp4 192.88.99.0/24\nipset add byp4 192.168.0.0/16\nipset add byp4 198.18.0.0/15\nipset add byp4 198.51.100.0/24\nipset add byp4 203.0.113.0/24\nipset add byp4 224.0.0.0/4\nipset add byp4 240.0.0.0/4\n\n# IPv6\nipset create byp6 hash:net family inet6 hashsize 1024 maxelem 65536\nipset add byp6 ::/128\nipset add byp6 ::1/128\nipset add byp6 ::ffff:0:0:0/96\nipset add byp6 64:ff9b::/96\nipset add byp6 100::/64\nipset add byp6 2001::/32\nipset add byp6 2001:20::/28\nipset add byp6 2001:db8::/32\nipset add byp6 2002::/16\nipset add byp6 fc00::/7\nipset add byp6 fe80::/10\nipset add byp6 ff00::/8\n```\n\n##### Netfilter and Routing\n\nGateway and Local modes\n\n```bash\n# IPv4\niptables -t mangle -A PREROUTING -m mark --mark 0x438 -j RETURN\niptables -t mangle -A PREROUTING -m set --match-set byp4 dst -j RETURN\niptables -t mangle -A PREROUTING -p tcp -j TPROXY --on-port 1088 --tproxy-mark 1088\niptables -t mangle -A PREROUTING -p udp -j TPROXY --on-port 1088 --tproxy-mark 1088\n\nip rule add fwmark 1088 table 100\nip route add local default dev lo table 100\n\n# Only for local mode\niptables -t mangle -A OUTPUT -m mark --mark 0x438 -j RETURN\niptables -t mangle -A OUTPUT -m set --match-set byp4 dst -j RETURN\niptables -t mangle -A OUTPUT -p tcp -j MARK --set-mark 1088\niptables -t mangle -A OUTPUT -p udp -j MARK --set-mark 1088\n\n# IPv6\nip6tables -t mangle -A PREROUTING -m mark --mark 0x438 -j RETURN\nip6tables -t mangle -A PREROUTING -m set --match-set byp6 dst -j RETURN\nip6tables -t mangle -A PREROUTING -p tcp -j TPROXY --on-port 1088 --tproxy-mark 1088\nip6tables -t mangle -A PREROUTING -p udp -j TPROXY --on-port 1088 --tproxy-mark 1088\n\nip -6 rule add fwmark 1088 table 100\nip -6 route add local default dev lo table 100\n\n# Only for local mode\nip6tables -t mangle -A OUTPUT -m mark --mark 0x438 -j RETURN\nip6tables -t mangle -A OUTPUT -m set --match-set byp6 dst -j RETURN\nip6tables -t mangle -A OUTPUT -p tcp -j MARK --set-mark 1088\nip6tables -t mangle -A OUTPUT -p udp -j MARK --set-mark 1088\n```\n\n## Contributors\n\n* **hev** - https://hev.cc\n* **ihipop** - https://ihipop.com\n* **pexcn** - \u003ci@pexcn.me\u003e\n* **spider84** - https://github.com/spider84\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheiher%2Fhev-socks5-tproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fheiher%2Fhev-socks5-tproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheiher%2Fhev-socks5-tproxy/lists"}