Cream of the Crop 26

home *** CD-ROM | disk | FTP | other *** search

/ Cream of the Crop 26 / Cream of the Crop 26.iso / os2 / sockd.zip / SOCKD.DOC < prev next >

Wrap

Text File | 1997-05-18 | 10KB | 226 lines

If some of you are interrested, I developped a new PM version of my sockd server for OS/2. Due to the fact socks V4 protocol requires "DNS name" support, I used the DNS kit or DDNS code from Warp Server on the same OS/2 gateway workstation. A socks support is required on the end-user stations to enable these to use the sockd gateway. For my V4 tests, I used the "socks" code from OS/2 V4, Web Explorer 1.2, Netscape/2 and ... Sockd 1.13: - add support for proxy connections between sockD servers (no authentication and NO encryption support at this time... ). Sockd 1.12: - correct the "adapter" spin in the "profile" setup window... It was in any case giving "sl0"... - add support for sockd.log archiving. By sample it can be saved every day into a "sockdlog.NNN" file and only the seventh last days were kept. A sample REXX program (sockdrep.cmd) is also included to write a report of sockd utilization from these "archived" sockdlog files (in the current directory. - add an option to permit ONLY socks V5 userid/password authentication if userids are specified in the "permit" statement(s).(In V4 there is NO password checking). Sockd 1.11: - correct SYS3175 on systems with more than 256 fonts... - correct SYS3175 at end of initialization if "no logging" was selected. - add parameters to customize TCP session time-out to support "long" telnet connections. A UDP time-out parameter was also added for UDP Associate sessions. Sockd 1.10: - many corrections on PM "font" support and presentation... Sockd 1.09: - convert the auto-dial adapter name to lower case before calling "ioctl" It corrects problems with auto-dial function. - add support for "font selection"... Sockd 1.08: - Tested on OS/2 Warp V4 - auto-configuration of IP alias addresses from OS/2 V4 MPTS. - Now compiled with Visualage C++ V3 and OS/2 Toolkit V3. - Enhanced help with RFC 1918 to describe "reusable" IP subnet addresses and setup of DDNS server (from Warp Server). - A correction was build on the UDP Associate protocol to support a destination address of 0 in the command and to get the real destination from the first frame sent. Support for frame sequencing was also added but with a limit of 8 KBytes as buffer size. - In addition to flags "811" I add support for "851"(<UP,POINTTOTPOINT,RUNNING>) Sockd 1.07: - To correct a "SYS3175" from time to time at the end of "initialization". Sockd 1.06: - Support for UDP Associate (V5 only as described in RFC 1928) is added. An "rpingv5" commmand is also given as sample to ping hosts on the other side of the "firewall". It uses UDP Associate to connect to the sockd server with a destination port of "1". The sockd opens a "raw" socket for "icmp" if dest port is 1 (otherwise a UDP socket for standard UDP associate applications)... The command pings by default every 3 seconds (and not every second) to go through the firewall. To use it gives the firewall IP address as additional parameter. By sample : "rpingv5 www.yahoo.com 9.36.71.9". Sockd 1.05: 1) Auto-Dial setup dialog window had a problem to setup another adapter than sl0 2) Put the initialization process in a thread What's new in sockd 1.04: 1) PM code was improved to suppress "flickering". 2) Correction of sockets opened by error during auto-dial process. 3) Four levels of logging (to avoid too big file if sockd is running for a long time). Functions added in sockd 1.03: 1) Support for switched auto-dial connection to an Internet provider. For it, you have to customize two batch files: 1) sockdial.cmd to dial and logon to the service provider 2) sockclos.cmd to close the connection (after a delay without session) These two "exec" files must be put in a directory set in your "path" statement Sockd checks the status of the dial-up connection with the "flags" of the the adapter status. On the time being only "811" is considered as OK. If you need another status support, please send a note to GILLAIN at BRUVMIS1 2) In addition to the auto-dial function, I try to add "auto" configuration for the sockd.rte (the route file) and in auto-dial I put by default a sockd.cfg giving access to anybody from subnets connected on "fixed" adapters (LAN) to the public network (all ports)... Noboby has access to any TCP port on local "LAN" from the "external" network (through the auto-dial adapter). Corrections: 1) Socks V4 works again (it was damaged in 1.02) 2) One "extra" byte suppressed in socks V5 DNS support Test configuration ---- ---- --- ---- ---- ---- Internet -- ---- - ------ IBM IGN -- ---*------- * * ******* testuser * * Dial-up ---------- * * modem *Thinkpad* * ----*----- * * * * * * ------*------ Ethernet *9.36.71.10 * T-R *** PS/VP *---------------------*--- * * * bebd238 *9.36.71.9 * * ------------- 9.132.89.238 ibm.com philg.benelux.ibm.com 9.0.0.0 9.36.71.0 With a correct setup, it is possible to use Internal servers (ibm.com) through sockd on the PS/VP. If an external server is used (by sample www.yahoo.com) the auto-dial is automaticcally used. The choice is done through "sockd.rte" configuration. By default sockd gives only access to the "local" subnet on the LAN adapter (9.132.88.0). The "auto-dial" adapter is automatically set as giving access to world. Functions added in sockd 1.02: 1) A partial support of Socks V5 protocols: a) no authentication and userid/password authentication b) IP address V4 and DNS name in CONNECT and BIND for Version 5 c) IP addresses V6 are NOT supported (I need another TCP/IP stack for that) d) GSSAPI is not supported (it requires OS/2 DCE V2) e) UDP Associate is also NOT implemented (it is a sort of IP tunneling) 2) A test rftp (rftpv5.exe) command is provided for testing V5 protocols It supports only some FTP subcommands (dir, get, put, del, mget and pwd). This test command can be used without a Socks gateway rftpv5 ps.boulder.ibm.com or through a Socks V5 gateway giving its address as second parameter rftpv5 ps.boulder.ibm.com 9.36.71.9 by sample Functions included in sockd 1.01 are: 1) support of SOCKS_BIND for FTP application (tested only with socksbeta) 2) server port number modifiable 3) logging for successfull and denied sessions (can be disabled) 4) easy configuration (sockd finding IP addresses from the stack) (but it should use previous configuration files) 5) dynamic reset (without stopping the program) for testing new config You can get the executable code as "sockd.zip" by anonymous FTP on bedb237.benelux.ibm.com (9.132.89.237) ... The source code (IBM Internal Use Only) is available on request (send a note). Problems ?: ----------- 1)If sockd doesn't start when named is running: From time to time sockd blocks in a "gethostbyaddr()" macro used to convert one of the local IP address in a name. The solution is to stop named (CTRL-C), start sockd, when it is running, restart named. 2)If after stopping sockd, you can NOT restart it, wait for 2 minutes and then restart it (the port number 1080 is blocked, sockd tries to "REUSE" it but ...) 3)If your configuration is limited to one LAN adapter and one dial adapter, it is better to test sockd without configuring it... During tests use the view menu option, after check the sockd.log file. 4)If you have really a problem to setup a name server on the gateway station, define a "hosts" file. For that, when you are testing your "sockdial.cmd" after the connection and authentication are successfully completed, use : host www.yahoo.com in an OS/2 Window.You are able to get the IP addresses of your favorite servers. If you install a "completed" hosts file in the ETC directory of the end-user PC you can test sockd with WebEx (socks V4) without setting a name server. With a name server and its caching mechanism, you have access to any server. With an hosts file access is limited... 5)To support socks V5 DNS, the dial-up connection is started automatically if the name can NOT be locally translated... A better solution is perhaps to define a list of the "internal" domain names, and to start the connection only if the request is for another domain name. On the time being, sockd start the dial-up connection for V5, before checking if the connection is "permitted" except if the DNS name can be locally converted (this local checking through named can take 1 minute (time-out). After the connection is established, response times are normal... 6)In this version, only the flags "811" (<UP,POINTTOPOINT>) is considered as a "good" status (connection established) on the dial-up adapter. Support was already added for flags "851" (<UP,POINTTOPOINT,RUNNING>). If the "auto-dial" doesn't work for you, please check these flags with: ifconfig ppp0 (by sample) Send a note to me and I'll add the required support... 7)With current V4 applications like WebEx, the first session must be done to a DNS name translatted locally (named or hosts file). After the dial-up connection is established, names can be translatted by the Internet provider name server, and cached in the local nameD. 8) The DNS kit nameD server can block if the system is fully "socksified". Don't hesitate to rename the "socks.cfg" file in the ETC directory when you are running sockD. Unfortunately sockD was not YET tested with the DNS server of WARP Server... 9)Using WebEx through sockd, some ".gif" files are not correctly received I am investigating why and how to improve it. Any suggestion or question to Philippe Gillain Philippe_Gillain@be.ibm.com