SOCKD.DOC (sockd.zip), 1997-05-18
If some of you are interested, I developed a new PM version of my
sockd server for OS/2.
Because the socks V4 protocol requires "DNS name" support, I used the
DNS kit or DDNS code from Warp Server on the same OS/2 gateway workstation.
Socks support is required on the end-user stations so that they can
use the sockd gateway. For my V4 tests, I used the "socks" code from OS/2 V4,
Web Explorer 1.2, Netscape/2 and ...
Sockd 1.13:
- add support for proxy connections between sockD servers (no authentication
and NO encryption support at this time... ).
Sockd 1.12:
- correct the "adapter" spin in the "profile" setup window... It was
in any case giving "sl0"...
- add support for sockd.log archiving. For example, it can be saved every
day into a "sockdlog.NNN" file, with only the last seven days kept.
A sample REXX program (sockdrep.cmd) is also included to write a report
of sockd utilization from these "archived" sockdlog files (in the current
directory).
- add an option to permit ONLY socks V5 userid/password authentication if
userids are specified in the "permit" statement(s). (In V4 there is NO
password checking.)
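The 1.12 option above, sketched as an added example (not sockd's own code, whose source is not on this page): a gateway that rejects V4 requests and V5 "no authentication" offers once userids are required, then checks the RFC 1929 userid/password message. The function names, the "userids_required" switch and the account table are assumptions made for the illustration.

```python
import hmac

NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF

def negotiate(first_msg: bytes, userids_required: bool):
    """Return (action, reply) for a client's first message.

    action is "reject", "auth" (run the userid/password exchange) or "proceed".
    """
    if len(first_msg) < 2:
        raise ValueError("short message")
    version = first_msg[0]
    if version == 4:
        # A V4 request carries a userid but no password, so it cannot
        # satisfy a rule that names userids. CD 91 = request rejected.
        if userids_required:
            return "reject", bytes([0x00, 91]) + bytes(6)
        return "proceed", b""          # the V4 reply is sent after the connect
    if version != 5:
        raise ValueError("not a SOCKS V4/V5 message")
    count = first_msg[1]
    methods = first_msg[2:2 + count]
    if len(methods) != count:
        raise ValueError("truncated method list")
    wanted = USERPASS if userids_required else NO_AUTH
    chosen = wanted if wanted in methods else NO_ACCEPTABLE
    action = {NO_AUTH: "proceed", USERPASS: "auth"}.get(chosen, "reject")
    return action, bytes([5, chosen])

def check_userpass(msg: bytes, accounts: dict) -> bytes:
    """Verify an RFC 1929 request (VER=1, ULEN, UNAME, PLEN, PASSWD)."""
    failure, success = b"\x01\x01", b"\x01\x00"
    try:
        ulen = msg[1]
        plen = msg[2 + ulen]
        uname = msg[2:2 + ulen]
        passwd = msg[3 + ulen:3 + ulen + plen]
    except IndexError:
        return failure
    # Reject wrong sub-negotiation version, empty fields, truncation, trailing bytes.
    if msg[0] != 1 or not ulen or not plen or len(msg) != 3 + ulen + plen:
        return failure
    expected = accounts.get(uname, b"")
    # Constant-time comparison; unknown userids fail the same way as bad passwords.
    ok = hmac.compare_digest(passwd, expected) and uname in accounts
    return success if ok else failure
```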
Sockd 1.11:
- correct SYS3175 on systems with more than 256 fonts...
- correct SYS3175 at end of initialization if "no logging" was selected.
- add parameters to customize TCP session time-out to support "long" telnet
connections. A UDP time-out parameter was also added for UDP Associate
sessions.
Sockd 1.10:
- many corrections on PM "font" support and presentation...
Sockd 1.09:
- convert the auto-dial adapter name to lower case before calling "ioctl".
This corrects problems with the auto-dial function.
- add support for "font selection"...
Sockd 1.08:
- Tested on OS/2 Warp V4
- auto-configuration of IP alias addresses from OS/2 V4 MPTS.
- Now compiled with Visualage C++ V3 and OS/2 Toolkit V3.
- Enhanced help with RFC 1918 to describe "reusable" IP subnet addresses
and setup of DDNS server (from Warp Server).
- A correction was made to the UDP Associate protocol to support a destination
address of 0 in the command and to get the real destination from the first
frame sent. Support for frame sequencing was also added but with a limit
of 8 KBytes as buffer size.
- In addition to flags "811" I added support for "851" (<UP,POINTTOPOINT,RUNNING>)
Sockd 1.07:
- To correct a "SYS3175" from time to time at the end of "initialization".
Sockd 1.06:
- Support for UDP Associate (V5 only as described in RFC 1928) is added.
An "rpingv5" command is also provided as a sample to ping hosts on the other
side of the "firewall". It uses UDP Associate to connect to the sockd
server with a destination port of "1". The sockd opens a "raw" socket
for "icmp" if dest port is 1 (otherwise a UDP socket for standard
UDP associate applications)... The command pings by default every 3
seconds (and not every second) to go through the firewall.
To use it, give the firewall IP address as an additional parameter.
For example: "rpingv5 www.yahoo.com 9.36.71.9".
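The datagram handling described for 1.06, as an added example (not sockd's code): a strict parser for the RFC 1928 UDP request header (RSV, FRAG, ATYP, DST.ADDR, DST.PORT, DATA) plus the "port 1 means raw ICMP" decision. The function names are assumptions; the 8 KB cap is taken from the 1.08 notes and IPv6 is refused as in the 1.02 notes.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
MAX_BUFFER = 8 * 1024          # buffer limit quoted in the 1.08 notes

def parse_udp_request(datagram: bytes):
    """Split a client datagram into (frag, host, port, payload)."""
    if len(datagram) < 4 or datagram[0:2] != b"\x00\x00":
        raise ValueError("short header or non-zero RSV")
    frag, atyp = datagram[2], datagram[3]
    if atyp == ATYP_IPV4:
        end = 8
        if len(datagram) < end + 2:
            raise ValueError("truncated IPv4 address or port")
        host = str(ipaddress.IPv4Address(datagram[4:8]))
    elif atyp == ATYP_DOMAIN:
        if len(datagram) < 5:
            raise ValueError("missing name length")
        name_len = datagram[4]
        end = 5 + name_len
        if name_len == 0 or len(datagram) < end + 2:
            raise ValueError("truncated DNS name or port")
        # A non-ASCII name raises UnicodeDecodeError, a ValueError subclass.
        host = datagram[5:end].decode("ascii")
    else:
        # ATYP 0x04 (IPv6) lands here: listed as NOT supported in 1.02.
        raise ValueError("address type not supported")
    (port,) = struct.unpack("!H", datagram[end:end + 2])
    payload = datagram[end + 2:]
    if len(payload) > MAX_BUFFER:
        raise ValueError("payload exceeds buffer limit")
    return frag, host, port, payload

def relay_kind(port: int) -> str:
    """Destination port 1 selects the raw ICMP socket, anything else UDP."""
    return "icmp-raw" if port == 1 else "udp"
```

Logging the value returned by relay_kind() per association makes the raw-socket path visible when reviewing who is pinging through the gateway.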
Sockd 1.05:
1) Auto-Dial setup dialog window had a problem setting up an adapter
other than sl0
2) Put the initialization process in a thread
What's new in sockd 1.04:
1) PM code was improved to suppress "flickering".
2) Correction of sockets opened by error during auto-dial process.
3) Four levels of logging (to avoid too big a file if sockd is running
for a long time).
Functions added in sockd 1.03:
1) Support for switched auto-dial connection to an Internet provider.
For it, you have to customize two batch files:
1) sockdial.cmd to dial and logon to the service provider
2) sockclos.cmd to close the connection (after a delay without session)
These two "exec" files must be put in a directory set in your "path" statement
Sockd checks the status of the dial-up connection with the "flags" of
the adapter status. For the time being only "811" is considered as OK.
If you need another status support, please send a note to
GILLAIN at BRUVMIS1
2) In addition to the auto-dial function, I try to add "auto" configuration
for the sockd.rte (the route file) and in auto-dial I put by default
a sockd.cfg giving access to anybody from subnets connected on "fixed"
adapters (LAN) to the public network (all ports)... Nobody has access
to any TCP port on local "LAN" from the "external" network (through the
auto-dial adapter).
Corrections:
1) Socks V4 works again (it was damaged in 1.02)
2) One "extra" byte suppressed in socks V5 DNS support
Test configuration
                       ----
                   ----    ---
               ----           ----
           ----     Internet      --
               ----                -
                   ------ IBM IGN --
                          ---*-------
                             *
                             *
  *******                                       testuser
  *     *                 Dial-up              ----------
  *     *                  modem               *Thinkpad*
  *     *                    *                 ----*-----
  *     *                    *                     *
  *     *              ------*------   Ethernet    *9.36.71.10
  * T-R ***************    PS/VP   *---------------*---
  *     *              *  bebd238  *9.36.71.9
  *     *              -------------
                       9.132.89.238

  ibm.com                              philg.benelux.ibm.com
  9.0.0.0                              9.36.71.0
With a correct setup, it is possible to use Internal servers (ibm.com)
through sockd on the PS/VP. If an external server is used (for example
www.yahoo.com) the auto-dial is automatically used.
The choice is made through "sockd.rte" configuration. By default sockd
gives only access to the "local" subnet on the LAN adapter (9.132.88.0).
The "auto-dial" adapter is automatically set as giving access to world.
Functions added in sockd 1.02:
1) A partial support of Socks V5 protocols:
a) no authentication and userid/password authentication
b) IP address V4 and DNS name in CONNECT and BIND for Version 5
c) IP addresses V6 are NOT supported (I need another TCP/IP stack for that)
d) GSSAPI is not supported (it requires OS/2 DCE V2)
e) UDP Associate is also NOT implemented (it is a sort of IP tunneling)
2) A test rftp (rftpv5.exe) command is provided for testing V5 protocols
It supports only some FTP subcommands (dir, get, put, del, mget and pwd).
This test command can be used without a Socks gateway
rftpv5 ps.boulder.ibm.com
or through a Socks V5 gateway giving its address as second parameter
rftpv5 ps.boulder.ibm.com 9.36.71.9 (for example)
Functions included in sockd 1.01 are:
1) support of SOCKS_BIND for FTP application (tested only with socksbeta)
2) server port number modifiable
3) logging for successful and denied sessions (can be disabled)
4) easy configuration (sockd finding IP addresses from the stack)
(but it should use previous configuration files)
5) dynamic reset (without stopping the program) for testing new config
You can get the executable code as "sockd.zip" by anonymous FTP on
bedb237.benelux.ibm.com (9.132.89.237) ...
The source code (IBM Internal Use Only) is available on request (send a note).
Problems ?:
-----------
1) If sockd doesn't start when named is running:
From time to time sockd blocks in a "gethostbyaddr()" macro used to convert
one of the local IP addresses into a name. The solution is to stop named (CTRL-C),
start sockd, and, once it is running, restart named.
2) If after stopping sockd, you can NOT restart it, wait for 2 minutes
and then restart it (the port number 1080 is blocked, sockd tries to "REUSE"
it but ...)
3) If your configuration is limited to one LAN adapter and one dial adapter,
it is better to test sockd without configuring it...
During tests use the view menu option, and afterwards check the sockd.log file.
4) If you really have a problem setting up a name server on the gateway
station, define a "hosts" file. For that, when you are testing your
"sockdial.cmd" after the connection and authentication are successfully
completed, use:
    host www.yahoo.com
in an OS/2 Window. You are able to get the IP addresses of your favorite servers.
If you install a "completed" hosts file in the ETC directory of the end-user PC
you can test sockd with WebEx (socks V4) without setting a name server.
With a name server and its caching mechanism, you have access to any server.
With a hosts file access is limited...
5) To support socks V5 DNS, the dial-up connection is started automatically
if the name can NOT be locally translated... A better solution is perhaps
to define a list of the "internal" domain names, and to start the connection
only if the request is for another domain name.
For the time being, sockd starts the dial-up connection for V5 before checking
if the connection is "permitted", except if the DNS name can be locally
converted (this local checking through named can take 1 minute (time-out)).
After the connection is established, response times are normal...
6) In this version, only the flags "811" (<UP,POINTTOPOINT>) are considered
as a "good" status (connection established) on the dial-up adapter.
Support was already added for flags "851" (<UP,POINTTOPOINT,RUNNING>).
If the "auto-dial" doesn't work for you, please check these flags with:
    ifconfig ppp0 (for example)
Send a note to me and I'll add the required support...
7) With current V4 applications like WebEx, the first session must be
made to a DNS name translated locally (named or hosts file).
After the dial-up connection is established, names can be translated by
the Internet provider name server, and cached in the local nameD.
8) The DNS kit nameD server can block if the system is fully "socksified".
Don't hesitate to rename the "socks.cfg" file in the ETC directory when
you are running sockD. Unfortunately sockD was not YET tested with the DNS
server of WARP Server...
9) Using WebEx through sockd, some ".gif" files are not correctly received.
I am investigating why and how to improve it.
Any suggestion or question to Philippe Gillain
Philippe_Gillain@be.ibm.com