| Location (XPath) | Required | Description |
|---|---|---|
| /proxycap_ruleset | yes | The "proxycap_ruleset" element must be the root element of the XML document. |
| /proxycap_ruleset/@version | yes | For this version of the format, the value of the "version" attribute must be set to "537". |
| /proxycap_ruleset/proxy_servers | no | The "proxycap_servers" element may contain one or more nested "proxy_server" elements. |
| /proxycap_ruleset/proxy_servers/proxy_server[n] | no | The "proxy_server" element defines a proxy server. |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@name | yes | The "name" attribute specifies the display name of the proxy server. It must be a non-empty string of maximum length 39 characters. Unicode is supported. The name must be unique among proxy server and proxy chain display names. The value "(default)" is reserved. |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@type | yes | The "type" attribute specifies the type of the proxy server. Its value must be one of: "http", "https", "shadowsocks", "socks4", "socks5", "ssh". |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@hostname | yes | The "hostname" attribute specifies the hostname, or the IP address, of the proxy server. International domain names are supported. |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@port | yes | The "port" attribute specifies the port number of the proxy server. |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@auth_method | yes | The "auth_method" attribute specifies the authentication method to use to authenticate to the proxy. Its value must be one of: "none", "password", "integrated", "gssapi", "key". |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@pref_cipher | no | The "pref_cipher" attribute specifies the preferred SSH2 cipher to use to encrypt the data. Its value must be one of: "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour". |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@ss_cipher | see description |
The "ss_cipher" attribute specifies the shadowsocks cipher to use to encrypt the data. Its value must be one of: "rc4", "rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb", "aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305". This attribute is required for shadowsocks, otherwise it should be omitted. |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@is_default | yes | The "is_default" attribute indicates whether the proxy server is the "default" proxy. Its value must be one of "true" or "false". If there is at least one proxy server defined, there must be exactly one "default" proxy. |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@username | see description |
The "username" attribute specifies the username to use to authenticate to the proxy. This attribute is required with the "password" and "key" authentications except shadowssocks, and also with the "none" SSH authentication, otherwise it should be omitted. |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@password | see description |
The "password" attribute specifies the password to use to authenticate to the proxy. This attribute is required with the "password" authentication, otherwise it should be omitted. |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@key | see description |
The "key" attribute specifies the key to use to authenticate to the proxy. The key must be base64 encoded. To convert an OpenSSH authentication key to a compatible format, run xml2prs with argument "sshkey". A shadowsocks key can be specified as is. This attribute is required with the "key" authentication, otherwise it should be omitted. |
| /proxycap_ruleset/proxy_servers/proxy_server[n]/@hostkey | no | The "hostkey" attribute specifies the key to use to verify SSH server's host key. The key must be base64 encoded. To convert an OpenSSH host key to a compatible format, run xml2prs with argument "sshhostkey". |
| /proxycap_ruleset/proxy_chains | no | The "proxy_chains" element may contain one or more nested "proxy_chain" elements. |
| /proxycap_ruleset/proxy_chains/proxy_chain[n] | no | The "proxy_chain" element defines a proxy chain. A proxy chain must contain at least 2 proxies. |
| /proxycap_ruleset/proxy_chains/proxy_chain[n]/@name | yes | The "name" attribute specifies the display name of the proxy chain. It must be a non-empty string of maximum length 39 characters. Unicode is supported. The name must be unique among proxy chain and proxy server display names. The value "(default)" is reserved. |
| /proxycap_ruleset/proxy_chains/proxy_chain[n]/proxy_server[m] | yes | The "proxy_server" element references a proxy server . |
| /proxycap_ruleset/proxy_chains/proxy_chain[n]/proxy_server[m]/@name | yes | The value of the "name" atrribute must be either the display name of one of the proxy servers defined in "/proxycap_ruleset/proxy_servers" or the special value "(default)" indicating the "default" proxy. |
| /proxycap_ruleset/routing_rules | no | The "routing_rules" element may contain one or more nested "routing_rule" elements. |
| /proxycap_ruleset/routing_rules/routing_rule[n] | no | The "routing_rule" element defines a routing rule. |
| /proxycap_ruleset/routing_rules/routing_rule[n]/@name | yes | The "name" attribute specifies the display name of the rule. It must be a non-empty string of maximum length 79 characters. Unicode is supported. The name must be unique among rule display names. |
| /proxycap_ruleset/routing_rules/routing_rule[n]/@action | yes | The "action" attribute specifies the rule action. Its value must be one of: "proxy", "direct", "block". |
| /proxycap_ruleset/routing_rules/routing_rule[n]/@remote_dns | see description |
The "remote_dns" attribute specifies whether DNS lookups for redirected connections happen on the proxy server ("true") on the client ("false"). This attribute is required if the rule action is "proxy", otherwise it should be omitted. |
| /proxycap_ruleset/routing_rules/routing_rule[n]/@transports | yes | The "transports" attribute specifies which TCP/IP transport protocols the rule applies to. Its value must be one of: "tcp", "udp", "all" (meaning "TCP and UDP"). |
| /proxycap_ruleset/routing_rules/routing_rule[n]/@disabled | yes | The "disabled" attribute indicates whether the rule is disabled. Its value must be one of "true" or "false". |
| /proxycap_ruleset/routing_rule[n]/proxy_or_chain[m] | see description |
The "proxy_or_chain" element references a proxy server or proxy chain. This element must be present if the rule action is "proxy", otherwise it should be omitted. More than one "proxy_or_chain" elements may be defined in order to enable client-side load balancing. |
| /proxycap_ruleset/routing_rule[n]/proxy_or_chain[m]/@name | yes | The value of the "name" atrribute must be either the display name of one of the proxy servers defined in "/proxycap_ruleset/proxy_servers", the display name of one of the proxy chains defined in "/proxycap_ruleset/proxy_chains", or the special value "(default)" indicating the "default" proxy. |
| /proxycap_ruleset/routing_rule[n]/programs | no | The "programs" element, if exists, must contain one or more nested "program" elements. Omitting this element indicates that the rule applies to all programs. |
| /proxycap_ruleset/routing_rule[n]/programs/program[m] | yes | The "program" element specifies a program to which this rule applies. |
| /proxycap_ruleset/routing_rule[n]/programs/program[m]/@path | yes | The "path" attribute specifies either the full file path or the file name of the executable. |
| /proxycap_ruleset/routing_rule[n]/programs/program[m]/@dir_included | yes | The "dir_included" attribute indicates whether "path" is a full path or a file name. |
| /proxycap_ruleset/routing_rule[n]/ports | no | The "ports" element, if exists, must contain one or more nested "port_range" elements. Omitting this element indicates that the rule applies to all destination ports. |
| /proxycap_ruleset/routing_rule[n]/ports/port_range[m] | yes | The "port_range" element specifies a port range to which this rule applies. |
| /proxycap_ruleset/routing_rule[n]/ports/port_range[m]/@type | yes | The "type" attribute specifies the type of ports in the port range. Its value must be one of: "tcp", "udp". |
| /proxycap_ruleset/routing_rule[n]/ports/port_range[m]/@first | yes | The "first" attribute specifies the first port in the range. |
| /proxycap_ruleset/routing_rule[n]/ports/port_range[m]/@last | yes | The "last" attribute specifies the last port in the range. Its value must be greater or equal to the value of "first". |
| /proxycap_ruleset/routing_rule[n]/ip_addresses | no | The "ip_addresses" element, if exists, must contain one or more nested "ip_range" elements. Omitting this element indicates that the rule applies to all destination IP addresses. |
| /proxycap_ruleset/routing_rule[n]/ip_addresses/ip_range[m] | yes | The "ip_range" element specifies an IP address range to which this rule applies. |
| /proxycap_ruleset/routing_rule[n]/ip_addresses/ip_range[m]/@ip | yes | The "ip" attribute specifies the IP address for this IP address range. |
| /proxycap_ruleset/routing_rule[n]/ip_addresses/ip_range[m]/@mask | yes | The "mask" attribute specifies the number of 1's (bits) at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0 for IPv4 and FFFF:FF00:: for IPv6. |
| /proxycap_ruleset/routing_rule[n]/ip_addresses/ip_range[m]/@first_ip | yes | The "first_ip" attribute specifies the first IP address for this IP address range. |
| /proxycap_ruleset/routing_rule[n]/ip_addresses/ip_range[m]/@last_ip | yes | The "last_ip" attribute specifies the last IP address for this IP address range. |
| /proxycap_ruleset/routing_rule[n]/hostnames | no | The "hostnames" element, if exists, must contain one or more nested "hostname" elements. Omitting this element indicates that the rule applies to all destination hostnames. |
| /proxycap_ruleset/routing_rule[n]/hostnames/hostname[m] | yes | The "hostname" element specifies a hostname to which this rule applies. |
| /proxycap_ruleset/routing_rule[n]/hostnames/hostname[m]/@wildcard | yes | The "wildcard" attribute specifies the hostname. The special wildcard characters (*) and (?) can be used. |
| /proxycap_ruleset/remote_dns_exceptions | no | The "remote_dns_exceptions" element may contain one or more nested "remote_dns_exception" elements. |
| /proxycap_ruleset/remote_dns_exceptions/remote_dns_exception[n] | no | The "remote_dns_exception" element specifies a hostname to be always resolved locally. |
| /proxycap_ruleset/remote_dns_exceptions/remote_dns_exception[n]/@wildcard | yes | The "wildcard" attribute specifies the hostname. The special wildcard characters (*) and (?) can be used. |