SOCKD.DOC
1998-08-15
If some of you are interested, I developed a new PM version of my
sockd server for OS/2.
Because the socks V4 protocol requires "DNS name" support, I used the
DNS kit or DDNS code from Warp Server on the same OS/2 gateway workstation.
Socks support is required on the end-user stations to enable them to
use the sockd gateway. For my V4 tests, I used the "socks" code from OS/2 V4,
Web Explorer 1.2, Netscape/2 and ...
Sockd 1.19:
- Raise the limit on the number of concurrent clients to support bigger
configurations, up to 510 (instead of 255). To get a correct level of performance
there are now three categories of configuration: between 8 and 60 parallel clients,
between 61 and 199, and between 200 and 510. The graphical display of the activity
is performed session per session for the first category, per five sessions for the
second and per ten for the third. The THREADS keyword of the OS/2 config.sys must
be adapted to what sockd requires (at least the max number of sessions plus 4,
plus what you need for the system and other applications).
Sockd 1.18:
- Correct Socks UDP Associate support when destination is set only in first
data frame (like with Sockscap 1.03)
- Add a new parameter to customize the time-out value for session establishment
(previously a fixed 2-minute delay, it can now be set between 1 and
30 minutes).
Sockd 1.17:
- Correct the Socks V4 BIND command support, damaged since version 1.15
(the first eight data bytes were truncated in the FTP data transfer session)
Sockd 1.16:
- An external queue is added (\QUEUES\SOCKD) to permit configuration changes
to be applied from batch jobs (or to reset sockd from its profile and so
to change the number of concurrent users). The new command is: sockdmsg.
Supported parameters include:
1) -c [sockd.cfg] : to reset from a "sockd.cfg" configuration file. If no
path information is given, sockd looks for the file in the ETC directory.
2) -p [sockd.pro] : to restart sockd from "sockd.pro" in the ETC directory or
another profile file.
3) -l : to reset the logfile from a batch clist.
- Due to TCP/IP 4.1 the gettimeofday macro is replaced by DosGetDateTime in
sockd and rpingv5.
- I didn't find a way to correct data corruption with buffers greater than 512
bytes although I tried four different compress/decompress routines, and I decided
to suppress the choice of compression on proxy sessions.
- The dynamically allocated tables previously set with malloc are now allocated
through DosAllocMem/DosSubAllocMem. This method spares an alloc/free at each
client session.
- An HTML documentation written by Steve Dale (IBM) is added as htmldoc.zip
(thank you Steve).
Sockd 1.15:
- suppress a second positive answer in BIND procedure.
- implement IDEA encryption on proxy CONNECT and BIND sessions.
- add an option to support only encrypted sessions with proxy...
Sockd 1.14:
- correct a TRAP when opening the "proxy" setup window if NO proxy was defined
in the sockd.cfg file
- improve the proxy support by adding userid/password authentication based on
"node names" and a first "compression" support to prepare a real compression
and encryption in the next version.
THERE IS NO ENCRYPTION YET IN THIS VERSION.
The compression technique used is described in RFC1978. It is NOT efficient
but it doesn't use CPU intensively. It was set for testing and preparing
the next step.
Sockd 1.13:
- add support for proxy connections between sockD servers (no authentication
and NO encryption support at this time... ).
Sockd 1.12:
- correct the "adapter" spin in the "profile" setup window... It was
giving "sl0" in every case...
- add support for sockd.log archiving. For example, it can be saved every
day into a "sockdlog.NNN" file, with only the last seven days kept.
A sample REXX program (sockdrep.cmd) is also included to write a report
of sockd utilization from these "archived" sockdlog files (in the current
directory).
- add an option to permit ONLY socks V5 userid/password authentication if
userids are specified in the "permit" statement(s). (In V4 there is NO
password checking).
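
The userid/password-only option above, as an added Python sketch (not sockd's code, which this page does not show): when userids are configured the server accepts only the RFC 1929 username/password method and turns V4 clients away, since a V4 request carries a userid but no password. Refusing V4 outright is this sketch's reading of the option; the function names, state labels and the account table are hypothetical.

```python
import hmac

NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF   # RFC 1928 method codes
V4_REJECTED = bytes([0, 91]) + bytes(6)               # SOCKS V4 reply, CD=91 (rejected)

def first_reply(hello: bytes, userids_configured: bool):
    """Return (reply, next_state) for the first bytes a client sends."""
    if not hello:
        return b"", "close"
    if hello[0] == 4:
        # V4 cannot prove a password, so it fails a userid/password-only policy
        # (assumption of this sketch: such clients are refused outright).
        return (V4_REJECTED, "close") if userids_configured else (b"", "v4-request")
    if hello[0] != 5 or len(hello) < 2 or len(hello) != 2 + hello[1]:
        return b"", "close"                            # malformed V5 greeting
    wanted = USERPASS if userids_configured else NO_AUTH
    if wanted not in hello[2:]:
        return bytes([5, NO_ACCEPTABLE]), "close"      # client did not offer it
    return bytes([5, wanted]), ("userpass" if userids_configured else "v5-request")

def check_userpass(msg: bytes, accounts: dict):
    """RFC 1929 request: VER=1, ULEN, UNAME, PLEN, PASSWD. Returns (reply, ok)."""
    ok = False
    if len(msg) >= 3 and msg[0] == 1:
        ulen = msg[1]
        if ulen and len(msg) >= 3 + ulen:
            plen = msg[2 + ulen]
            if plen and len(msg) == 3 + ulen + plen:
                user, password = msg[2:2 + ulen], msg[3 + ulen:]
                # Compare in constant time, also for unknown users.
                known = accounts.get(user, b"")
                ok = hmac.compare_digest(password, known) and user in accounts
    return bytes([1, 0 if ok else 1]), ok              # STATUS 0 = success

# Constructed sample account table and login message (not from the page).
ACCOUNTS = {b"bob": b"secret"}
GOOD_LOGIN = bytes([1, 3]) + b"bob" + bytes([6]) + b"secret"
```
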
Sockd 1.11:
- correct SYS3175 on systems with more than 256 fonts...
- correct SYS3175 at end of initialization if "no logging" was selected.
- add parameters to customize TCP session time-out to support "long" telnet
connections. A UDP time-out parameter was also added for UDP Associate
sessions.
Sockd 1.10:
- many corrections on PM "font" support and presentation...
Sockd 1.09:
- convert the auto-dial adapter name to lower case before calling "ioctl".
It corrects problems with the auto-dial function.
- add support for "font selection"...
Sockd 1.08:
- Tested on OS/2 Warp V4
- auto-configuration of IP alias addresses from OS/2 V4 MPTS.
- Now compiled with Visualage C++ V3 and OS/2 Toolkit V3.
- Enhanced help with RFC 1918 to describe "reusable" IP subnet addresses
and setup of DDNS server (from Warp Server).
- A correction was made to the UDP Associate protocol to support a destination
address of 0 in the command and to get the real destination from the first
frame sent. Support for frame sequencing was also added but with a limit
of 8 KBytes as buffer size.
- In addition to flags "811" I added support for "851" (<UP,POINTTOPOINT,RUNNING>)
Sockd 1.07:
- Correct a "SYS3175" that occurred from time to time at the end of "initialization".
Sockd 1.06:
- Support for UDP Associate (V5 only as described in RFC 1928) is added.
An "rpingv5" command is also given as a sample to ping hosts on the other
side of the "firewall". It uses UDP Associate to connect to the sockd
server with a destination port of "1". Sockd opens a "raw" socket
for "icmp" if the dest port is 1 (otherwise a UDP socket for standard
UDP associate applications)... The command pings by default every 3
seconds (and not every second) to go through the firewall.
To use it, give the firewall IP address as an additional parameter.
For example: "rpingv5 www.yahoo.com 9.36.71.9".
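
The UDP Associate handling described here and in the 1.08 and 1.18 notes above, as an added Python sketch (not sockd's code): it parses the RFC 1928 UDP header, takes the destination from the first frame when the command carried an address of 0, and selects a raw ICMP socket for destination port 1. The class and function names, the one-destination-per-association check and the dropping of fragments are assumptions of this sketch.

```python
import ipaddress
import struct

MAX_DATA = 8 * 1024      # buffer limit quoted in the 1.08 notes
ICMP_PORT = 1            # rpingv5 convention from the 1.06 notes
UNSET = ("0.0.0.0", 0)   # "destination address of 0" in the command

def parse_udp_frame(frame: bytes):
    """RFC 1928 UDP header: RSV(2) FRAG(1) ATYP(1) DST.ADDR DST.PORT(2), then DATA."""
    if len(frame) < 5:
        raise ValueError("truncated header")
    rsv, frag, atyp = struct.unpack("!HBB", frame[:4])
    if rsv != 0 or frag != 0:
        # Sketch choice: fragments are dropped; sockd's sequencing is not modelled.
        raise ValueError("reserved or fragment field is not zero")
    if atyp == 0x01 and len(frame) >= 10:          # IPv4 address
        host, end = str(ipaddress.IPv4Address(frame[4:8])), 8
    elif atyp == 0x03 and frame[4] and len(frame) >= 7 + frame[4]:   # DNS name
        end = 5 + frame[4]
        host = frame[5:end].decode("ascii")
    else:                                          # includes 0x04 (IPv6), unsupported
        raise ValueError("unsupported address type or truncated address")
    (port,) = struct.unpack("!H", frame[end:end + 2])
    data = frame[end + 2:]
    if len(data) > MAX_DATA:
        raise ValueError("payload larger than the buffer limit")
    return host, port, data

class UdpAssociation:
    """Destination given in the command, or taken from the first frame if it was 0."""
    def __init__(self, cmd_host="0.0.0.0", cmd_port=0):
        self.dst = (cmd_host, cmd_port)

    def accept(self, frame: bytes):
        host, port, data = parse_udp_frame(frame)
        if self.dst == UNSET:
            self.dst = (host, port)                # pin to the first frame
        elif (host, port) != self.dst:             # assumption: one destination each
            raise ValueError("destination changed during the association")
        socket_kind = "icmp-raw" if port == ICMP_PORT else "udp"
        return socket_kind, host, port, data

# Constructed first frame: DNS name "example.org", port 1, payload "ping".
FIRST_FRAME = bytes([0, 0, 0, 3, 11]) + b"example.org" + bytes([0, 1]) + b"ping"
```
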
Sockd 1.05:
1) The Auto-Dial setup dialog window had a problem setting up an adapter
other than sl0
2) Put the initialization process in a thread
What's new in sockd 1.04:
1) PM code was improved to suppress "flickering".
2) Correction of sockets opened by error during auto-dial process.
3) Four levels of logging (to avoid too big a file if sockd is running
for a long time).
Functions added in sockd 1.03:
1) Support for switched auto-dial connection to an Internet provider.
For it, you have to customize two batch files:
1) sockdial.cmd to dial and logon to the service provider
2) sockclos.cmd to close the connection (after a delay without session)
These two "exec" files must be put in a directory set in your "path" statement.
Sockd checks the status of the dial-up connection with the "flags" of
the adapter status. For the time being only "811" is considered as OK.
If you need another status support, please send a note to
GILLAIN at BRUVMIS1
2) In addition to the auto-dial function, I tried to add "auto" configuration
for the sockd.rte (the route file) and in auto-dial I put by default
a sockd.cfg giving access to anybody from subnets connected on "fixed"
adapters (LAN) to the public network (all ports)... Nobody has access
to any TCP port on the local "LAN" from the "external" network (through the
auto-dial adapter).
Corrections:
1) Socks V4 works again (it was damaged in 1.02)
2) One "extra" byte suppressed in socks V5 DNS support
Test configuration
[Diagram, layout lost in extraction. Labels: the PS/VP gateway (bebd238) is
attached to the Token-Ring (T-R) as 9.132.89.238 on the ibm.com side (9.0.0.0),
to the Ethernet as 9.36.71.9 on the philg.benelux.ibm.com side (9.36.71.0), and
to a dial-up modem leading to IBM IGN and the Internet. The testuser Thinkpad is
on the Ethernet as 9.36.71.10.]
With a correct setup, it is possible to use internal servers (ibm.com)
through sockd on the PS/VP. If an external server is used (for example
www.yahoo.com) the auto-dial is automatically used.
The choice is made through the "sockd.rte" configuration. By default sockd
gives access only to the "local" subnet on the LAN adapter (9.132.88.0).
The "auto-dial" adapter is automatically set as giving access to the world.
Functions added in sockd 1.02:
1) A partial support of Socks V5 protocols:
a) no authentication and userid/password authentication
b) IP address V4 and DNS name in CONNECT and BIND for Version 5
c) IP addresses V6 are NOT supported (I need another TCP/IP stack for that)
d) GSSAPI is not supported (it requires OS/2 DCE V2)
e) UDP Associate is also NOT implemented (it is a sort of IP tunneling)
2) A test rftp (rftpv5.exe) command is provided for testing V5 protocols
It supports only some FTP subcommands (dir, get, put, del, mget and pwd).
This test command can be used without a Socks gateway
rftpv5 ps.boulder.ibm.com
or through a Socks V5 gateway giving its address as second parameter
rftpv5 ps.boulder.ibm.com 9.36.71.9 (for example)
Functions included in sockd 1.01 are:
1) support of SOCKS_BIND for FTP application (tested only with socksbeta)
2) server port number modifiable
3) logging for successful and denied sessions (can be disabled)
4) easy configuration (sockd finding IP addresses from the stack)
(but it should use previous configuration files)
5) dynamic reset (without stopping the program) for testing new config
You can get the executable code as "sockd.zip" by anonymous FTP on
bedb237.benelux.ibm.com (9.132.89.237) ...
The source code (IBM Internal Use Only) is available on request (send a note).
Problems ?:
-----------
1) If sockd doesn't start when named is running:
From time to time sockd blocks in a "gethostbyaddr()" macro used to convert
one of the local IP addresses into a name. The solution is to stop named (CTRL-C),
start sockd and, when it is running, restart named.
2) If after stopping sockd, you can NOT restart it, wait for 2 minutes
and then restart it (the port number 1080 is blocked, sockd tries to "REUSE"
it but ...)
3) If your configuration is limited to one LAN adapter and one dial adapter,
it is better to test sockd without configuring it...
During tests use the view menu option, then check the sockd.log file.
4) If you really have a problem setting up a name server on the gateway
station, define a "hosts" file. For that, when you are testing your
"sockdial.cmd", after the connection and authentication are successfully
completed, use:
host www.yahoo.com
in an OS/2 Window. You are able to get the IP addresses of your favorite servers.
If you install a "completed" hosts file in the ETC directory of the end-user PC
you can test sockd with WebEx (socks V4) without setting a name server.
With a name server and its caching mechanism, you have access to any server.
With a hosts file access is limited...
5) To support socks V5 DNS, the dial-up connection is started automatically
if the name can NOT be locally translated... A better solution is perhaps
to define a list of the "internal" domain names, and to start the connection
only if the request is for another domain name.
For the time being, sockd starts the dial-up connection for V5 before checking
if the connection is "permitted", except if the DNS name can be locally
converted (this local checking through named can take 1 minute (time-out)).
After the connection is established, response times are normal...
6) In this version, only the flags "811" (<UP,POINTTOPOINT>) are considered
as a "good" status (connection established) on the dial-up adapter.
Support was already added for flags "851" (<UP,POINTTOPOINT,RUNNING>).
If the "auto-dial" doesn't work for you, please check these flags with:
ifconfig ppp0 (for example)
Send a note to me and I'll add the required support...
7) With current V4 applications like WebEx, the first session must be
made to a DNS name translated locally (named or hosts file).
After the dial-up connection is established, names can be translated by
the Internet provider name server, and cached in the local nameD.
8) The DNS kit nameD server can block if the system is fully "socksified".
Don't hesitate to rename the "socks.cfg" file in the ETC directory when
you are running sockD. Unfortunately sockD was not YET tested with the DNS
server of WARP Server...
9) Using WebEx through sockd, some ".gif" files are not correctly received.
I am investigating why and how to improve it.
Any suggestion or question to Philippe Gillain
Philippe_Gillain@be.ibm.com