[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [torsocks/osx] Remove non-free RFC and replace with link.
commit 54f25db9d54c63052e789ec429d8a4296520e9d8
Author: mwenge <robert@xxxxxxxxxxxxxxx>
Date: Sat Nov 28 10:24:01 2009 +0000
Remove non-free RFC and replace with link.
---
doc/SOCKS5 | 2 +
doc/SOCKS5-rfc1928.txt | 507 ------------------------------------------------
2 files changed, 2 insertions(+), 507 deletions(-)
diff --git a/doc/SOCKS5 b/doc/SOCKS5
new file mode 100644
index 0000000..40dfcbd
--- /dev/null
+++ b/doc/SOCKS5
@@ -0,0 +1,2 @@
+http://www.ietf.org/rfc/rfc1928.txt
+
diff --git a/doc/SOCKS5-rfc1928.txt b/doc/SOCKS5-rfc1928.txt
deleted file mode 100644
index 46bf46e..0000000
--- a/doc/SOCKS5-rfc1928.txt
+++ /dev/null
@@ -1,507 +0,0 @@
-
-
-
-
-
-
-Network Working Group M. Leech
-Request for Comments: 1928 Bell-Northern Research Ltd
-Category: Standards Track M. Ganis
- International Business Machines
- Y. Lee
- NEC Systems Laboratory
- R. Kuris
- Unify Corporation
- D. Koblas
- Independent Consultant
- L. Jones
- Hewlett-Packard Company
- March 1996
-
-
- SOCKS Protocol Version 5
-
-Status of this Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Acknowledgments
-
- This memo describes a protocol that is an evolution of the previous
- version of the protocol, version 4 [1]. This new protocol stems from
- active discussions and prototype implementations. The key
- contributors are: Marcus Leech: Bell-Northern Research, David Koblas:
- Independent Consultant, Ying-Da Lee: NEC Systems Laboratory, LaMont
- Jones: Hewlett-Packard Company, Ron Kuris: Unify Corporation, Matt
- Ganis: International Business Machines.
-
-1. Introduction
-
- The use of network firewalls, systems that effectively isolate an
- organizations internal network structure from an exterior network,
- such as the INTERNET is becoming increasingly popular. These
- firewall systems typically act as application-layer gateways between
- networks, usually offering controlled TELNET, FTP, and SMTP access.
- With the emergence of more sophisticated application layer protocols
- designed to facilitate global information discovery, there exists a
- need to provide a general framework for these protocols to
- transparently and securely traverse a firewall.
-
-
-
-
-
-Leech, et al Standards Track [Page 1]
-
-RFC 1928 SOCKS Protocol Version 5 March 1996
-
-
- There exists, also, a need for strong authentication of such
- traversal in as fine-grained a manner as is practical. This
- requirement stems from the realization that client-server
- relationships emerge between the networks of various organizations,
- and that such relationships need to be controlled and often strongly
- authenticated.
-
- The protocol described here is designed to provide a framework for
- client-server applications in both the TCP and UDP domains to
- conveniently and securely use the services of a network firewall.
- The protocol is conceptually a "shim-layer" between the application
- layer and the transport layer, and as such does not provide network-
- layer gateway services, such as forwarding of ICMP messages.
-
-2. Existing practice
-
- There currently exists a protocol, SOCKS Version 4, that provides for
- unsecured firewall traversal for TCP-based client-server
- applications, including TELNET, FTP and the popular information-
- discovery protocols such as HTTP, WAIS and GOPHER.
-
- This new protocol extends the SOCKS Version 4 model to include UDP,
- and extends the framework to include provisions for generalized
- strong authentication schemes, and extends the addressing scheme to
- encompass domain-name and V6 IP addresses.
-
- The implementation of the SOCKS protocol typically involves the
- recompilation or relinking of TCP-based client applications to use
- the appropriate encapsulation routines in the SOCKS library.
-
-Note:
-
- Unless otherwise noted, the decimal numbers appearing in packet-
- format diagrams represent the length of the corresponding field, in
- octets. Where a given octet must take on a specific value, the
- syntax X'hh' is used to denote the value of the single octet in that
- field. When the word 'Variable' is used, it indicates that the
- corresponding field has a variable length defined either by an
- associated (one or two octet) length field, or by a data type field.
-
-3. Procedure for TCP-based clients
-
- When a TCP-based client wishes to establish a connection to an object
- that is reachable only via a firewall (such determination is left up
- to the implementation), it must open a TCP connection to the
- appropriate SOCKS port on the SOCKS server system. The SOCKS service
- is conventionally located on TCP port 1080. If the connection
- request succeeds, the client enters a negotiation for the
-
-
-
-Leech, et al Standards Track [Page 2]
-
-RFC 1928 SOCKS Protocol Version 5 March 1996
-
-
- authentication method to be used, authenticates with the chosen
- method, then sends a relay request. The SOCKS server evaluates the
- request, and either establishes the appropriate connection or denies
- it.
-
- Unless otherwise noted, the decimal numbers appearing in packet-
- format diagrams represent the length of the corresponding field, in
- octets. Where a given octet must take on a specific value, the
- syntax X'hh' is used to denote the value of the single octet in that
- field. When the word 'Variable' is used, it indicates that the
- corresponding field has a variable length defined either by an
- associated (one or two octet) length field, or by a data type field.
-
- The client connects to the server, and sends a version
- identifier/method selection message:
-
- +----+----------+----------+
- |VER | NMETHODS | METHODS |
- +----+----------+----------+
- | 1 | 1 | 1 to 255 |
- +----+----------+----------+
-
- The VER field is set to X'05' for this version of the protocol. The
- NMETHODS field contains the number of method identifier octets that
- appear in the METHODS field.
-
- The server selects from one of the methods given in METHODS, and
- sends a METHOD selection message:
-
- +----+--------+
- |VER | METHOD |
- +----+--------+
- | 1 | 1 |
- +----+--------+
-
- If the selected METHOD is X'FF', none of the methods listed by the
- client are acceptable, and the client MUST close the connection.
-
- The values currently defined for METHOD are:
-
- o X'00' NO AUTHENTICATION REQUIRED
- o X'01' GSSAPI
- o X'02' USERNAME/PASSWORD
- o X'03' to X'7F' IANA ASSIGNED
- o X'80' to X'FE' RESERVED FOR PRIVATE METHODS
- o X'FF' NO ACCEPTABLE METHODS
-
- The client and server then enter a method-specific sub-negotiation.
-
-
-
-Leech, et al Standards Track [Page 3]
-
-RFC 1928 SOCKS Protocol Version 5 March 1996
-
-
- Descriptions of the method-dependent sub-negotiations appear in
- separate memos.
-
- Developers of new METHOD support for this protocol should contact
- IANA for a METHOD number. The ASSIGNED NUMBERS document should be
- referred to for a current list of METHOD numbers and their
- corresponding protocols.
-
- Compliant implementations MUST support GSSAPI and SHOULD support
- USERNAME/PASSWORD authentication methods.
-
-4. Requests
-
- Once the method-dependent subnegotiation has completed, the client
- sends the request details. If the negotiated method includes
- encapsulation for purposes of integrity checking and/or
- confidentiality, these requests MUST be encapsulated in the method-
- dependent encapsulation.
-
- The SOCKS request is formed as follows:
-
- +----+-----+-------+------+----------+----------+
- |VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT |
- +----+-----+-------+------+----------+----------+
- | 1 | 1 | X'00' | 1 | Variable | 2 |
- +----+-----+-------+------+----------+----------+
-
- Where:
-
- o VER protocol version: X'05'
- o CMD
- o CONNECT X'01'
- o BIND X'02'
- o UDP ASSOCIATE X'03'
- o RSV RESERVED
- o ATYP address type of following address
- o IP V4 address: X'01'
- o DOMAINNAME: X'03'
- o IP V6 address: X'04'
- o DST.ADDR desired destination address
- o DST.PORT desired destination port in network octet
- order
-
- The SOCKS server will typically evaluate the request based on source
- and destination addresses, and return one or more reply messages, as
- appropriate for the request type.
-
-
-
-
-
-Leech, et al Standards Track [Page 4]
-
-RFC 1928 SOCKS Protocol Version 5 March 1996
-
-
-5. Addressing
-
- In an address field (DST.ADDR, BND.ADDR), the ATYP field specifies
- the type of address contained within the field:
-
- o X'01'
-
- the address is a version-4 IP address, with a length of 4 octets
-
- o X'03'
-
- the address field contains a fully-qualified domain name. The first
- octet of the address field contains the number of octets of name that
- follow, there is no terminating NUL octet.
-
- o X'04'
-
- the address is a version-6 IP address, with a length of 16 octets.
-
-6. Replies
-
- The SOCKS request information is sent by the client as soon as it has
- established a connection to the SOCKS server, and completed the
- authentication negotiations. The server evaluates the request, and
- returns a reply formed as follows:
-
- +----+-----+-------+------+----------+----------+
- |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
- +----+-----+-------+------+----------+----------+
- | 1 | 1 | X'00' | 1 | Variable | 2 |
- +----+-----+-------+------+----------+----------+
-
- Where:
-
- o VER protocol version: X'05'
- o REP Reply field:
- o X'00' succeeded
- o X'01' general SOCKS server failure
- o X'02' connection not allowed by ruleset
- o X'03' Network unreachable
- o X'04' Host unreachable
- o X'05' Connection refused
- o X'06' TTL expired
- o X'07' Command not supported
- o X'08' Address type not supported
- o X'09' to X'FF' unassigned
- o RSV RESERVED
- o ATYP address type of following address
-
-
-
-Leech, et al Standards Track [Page 5]
-
-RFC 1928 SOCKS Protocol Version 5 March 1996
-
-
- o IP V4 address: X'01'
- o DOMAINNAME: X'03'
- o IP V6 address: X'04'
- o BND.ADDR server bound address
- o BND.PORT server bound port in network octet order
-
- Fields marked RESERVED (RSV) must be set to X'00'.
-
- If the chosen method includes encapsulation for purposes of
- authentication, integrity and/or confidentiality, the replies are
- encapsulated in the method-dependent encapsulation.
-
-CONNECT
-
- In the reply to a CONNECT, BND.PORT contains the port number that the
- server assigned to connect to the target host, while BND.ADDR
- contains the associated IP address. The supplied BND.ADDR is often
- different from the IP address that the client uses to reach the SOCKS
- server, since such servers are often multi-homed. It is expected
- that the SOCKS server will use DST.ADDR and DST.PORT, and the
- client-side source address and port in evaluating the CONNECT
- request.
-
-BIND
-
- The BIND request is used in protocols which require the client to
- accept connections from the server. FTP is a well-known example,
- which uses the primary client-to-server connection for commands and
- status reports, but may use a server-to-client connection for
- transferring data on demand (e.g. LS, GET, PUT).
-
- It is expected that the client side of an application protocol will
- use the BIND request only to establish secondary connections after a
- primary connection is established using CONNECT. In is expected that
- a SOCKS server will use DST.ADDR and DST.PORT in evaluating the BIND
- request.
-
- Two replies are sent from the SOCKS server to the client during a
- BIND operation. The first is sent after the server creates and binds
- a new socket. The BND.PORT field contains the port number that the
- SOCKS server assigned to listen for an incoming connection. The
- BND.ADDR field contains the associated IP address. The client will
- typically use these pieces of information to notify (via the primary
- or control connection) the application server of the rendezvous
- address. The second reply occurs only after the anticipated incoming
- connection succeeds or fails.
-
-
-
-
-
-Leech, et al Standards Track [Page 6]
-
-RFC 1928 SOCKS Protocol Version 5 March 1996
-
-
- In the second reply, the BND.PORT and BND.ADDR fields contain the
- address and port number of the connecting host.
-
-UDP ASSOCIATE
-
- The UDP ASSOCIATE request is used to establish an association within
- the UDP relay process to handle UDP datagrams. The DST.ADDR and
- DST.PORT fields contain the address and port that the client expects
- to use to send UDP datagrams on for the association. The server MAY
- use this information to limit access to the association. If the
- client is not in possesion of the information at the time of the UDP
- ASSOCIATE, the client MUST use a port number and address of all
- zeros.
-
- A UDP association terminates when the TCP connection that the UDP
- ASSOCIATE request arrived on terminates.
-
- In the reply to a UDP ASSOCIATE request, the BND.PORT and BND.ADDR
- fields indicate the port number/address where the client MUST send
- UDP request messages to be relayed.
-
-Reply Processing
-
- When a reply (REP value other than X'00') indicates a failure, the
- SOCKS server MUST terminate the TCP connection shortly after sending
- the reply. This must be no more than 10 seconds after detecting the
- condition that caused a failure.
-
- If the reply code (REP value of X'00') indicates a success, and the
- request was either a BIND or a CONNECT, the client may now start
- passing data. If the selected authentication method supports
- encapsulation for the purposes of integrity, authentication and/or
- confidentiality, the data are encapsulated using the method-dependent
- encapsulation. Similarly, when data arrives at the SOCKS server for
- the client, the server MUST encapsulate the data as appropriate for
- the authentication method in use.
-
-7. Procedure for UDP-based clients
-
- A UDP-based client MUST send its datagrams to the UDP relay server at
- the UDP port indicated by BND.PORT in the reply to the UDP ASSOCIATE
- request. If the selected authentication method provides
- encapsulation for the purposes of authenticity, integrity, and/or
- confidentiality, the datagram MUST be encapsulated using the
- appropriate encapsulation. Each UDP datagram carries a UDP request
- header with it:
-
-
-
-
-
-Leech, et al Standards Track [Page 7]
-
-RFC 1928 SOCKS Protocol Version 5 March 1996
-
-
- +----+------+------+----------+----------+----------+
- |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
- +----+------+------+----------+----------+----------+
- | 2 | 1 | 1 | Variable | 2 | Variable |
- +----+------+------+----------+----------+----------+
-
- The fields in the UDP request header are:
-
- o RSV Reserved X'0000'
- o FRAG Current fragment number
- o ATYP address type of following addresses:
- o IP V4 address: X'01'
- o DOMAINNAME: X'03'
- o IP V6 address: X'04'
- o DST.ADDR desired destination address
- o DST.PORT desired destination port
- o DATA user data
-
- When a UDP relay server decides to relay a UDP datagram, it does so
- silently, without any notification to the requesting client.
- Similarly, it will drop datagrams it cannot or will not relay. When
- a UDP relay server receives a reply datagram from a remote host, it
- MUST encapsulate that datagram using the above UDP request header,
- and any authentication-method-dependent encapsulation.
-
- The UDP relay server MUST acquire from the SOCKS server the expected
- IP address of the client that will send datagrams to the BND.PORT
- given in the reply to UDP ASSOCIATE. It MUST drop any datagrams
- arriving from any source IP address other than the one recorded for
- the particular association.
-
- The FRAG field indicates whether or not this datagram is one of a
- number of fragments. If implemented, the high-order bit indicates
- end-of-fragment sequence, while a value of X'00' indicates that this
- datagram is standalone. Values between 1 and 127 indicate the
- fragment position within a fragment sequence. Each receiver will
- have a REASSEMBLY QUEUE and a REASSEMBLY TIMER associated with these
- fragments. The reassembly queue must be reinitialized and the
- associated fragments abandoned whenever the REASSEMBLY TIMER expires,
- or a new datagram arrives carrying a FRAG field whose value is less
- than the highest FRAG value processed for this fragment sequence.
- The reassembly timer MUST be no less than 5 seconds. It is
- recommended that fragmentation be avoided by applications wherever
- possible.
-
- Implementation of fragmentation is optional; an implementation that
- does not support fragmentation MUST drop any datagram whose FRAG
- field is other than X'00'.
-
-
-
-Leech, et al Standards Track [Page 8]
-
-RFC 1928 SOCKS Protocol Version 5 March 1996
-
-
- The programming interface for a SOCKS-aware UDP MUST report an
- available buffer space for UDP datagrams that is smaller than the
- actual space provided by the operating system:
-
- o if ATYP is X'01' - 10+method_dependent octets smaller
- o if ATYP is X'03' - 262+method_dependent octets smaller
- o if ATYP is X'04' - 20+method_dependent octets smaller
-
-8. Security Considerations
-
- This document describes a protocol for the application-layer
- traversal of IP network firewalls. The security of such traversal is
- highly dependent on the particular authentication and encapsulation
- methods provided in a particular implementation, and selected during
- negotiation between SOCKS client and SOCKS server.
-
- Careful consideration should be given by the administrator to the
- selection of authentication methods.
-
-9. References
-
- [1] Koblas, D., "SOCKS", Proceedings: 1992 Usenix Security Symposium.
-
-Author's Address
-
- Marcus Leech
- Bell-Northern Research Ltd
- P.O. Box 3511, Stn. C,
- Ottawa, ON
- CANADA K1Y 4H7
-
- Phone: (613) 763-9145
- EMail: mleech@xxxxxx
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Leech, et al Standards Track [Page 9]
-
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits