rfcdiff of draft-ietf-aft-socks-protocol-v5-02.txt against
draft-ietf-aft-socks-protocol-v5-03.txt. Text common to both drafts is
shown once; where the drafts differ, the draft-02 and draft-03 texts are
labelled as such.

Socks Protocol Version 5

INTERNET-DRAFT                                          M. Leech
Expires: In Six Months                                  M. Ganis
<draft-ietf-aft-socks-protocol-v5-02.txt>               Y. Lee
  (draft-03: <draft-ietf-aft-socks-protocol-v5-03.txt>) R. Kuris
                                                        D. Koblas
                                                        L. Jones

                     SOCKS Protocol Version 5

Status of this Memo

This document is an Internet-Draft. Internet-Drafts are working
[... skipping to change at page 4, line 9 ...]

The client and server then enter a method-specific sub-negotiation.
Descriptions of the method-dependent sub-negotiations appear in
separate drafts.

Developers of new METHOD support for this protocol should contact IANA
for a METHOD number. The ASSIGNED NUMBERS document should be referred
to for a current list of METHOD numbers and their corresponding
protocols.

draft-02:
   Compliant implementations MUST support both GSSAPI and
   USERNAME/PASSWORD authentication methods.

draft-03:
   Compliant implementations MUST support GSSAPI and SHOULD support
   USERNAME/PASSWORD authentication methods.
4. Requests

Once the method-dependent subnegotiation has completed, the client
sends the request details. If the negotiated method includes
encapsulation for purposes of integrity checking and/or
confidentiality, these requests MUST be encapsulated in the
method-dependent encapsulation.
[... skipping to change at page 5, line 16 (draft-02) / page 5, line 19 (draft-03) ...]

the field:

   o X'01'
     the address is a version-4 IP address, with a length of 4 octets

   o X'03'
     the address field contains a DNS-style domain name.
     draft-02: The first octet of the address field contains the
               length of the domain name.
     draft-03: The first octet of the address field contains the
               number of octets that follow.

   o X'04'
     the address is a version-6 IP address, with a length of 16 octets.
6. Replies

The SOCKS request information is sent by the client as soon as it has
established a connection to the SOCKS

[... skipping to change at page 5, line 49 (draft-02) / page 6, line 5 (draft-03) ...]

   o VER    protocol version: X'05'
   o REP    Reply field:
        o X'00' succeeded
        o X'01' general SOCKS server failure
        o X'02' connection not allowed by ruleset
        o X'03' Network unreachable
        o X'04' Host unreachable
        o X'05' Connection refused
        o X'06' TTL expired
        draft-02:
        o X'07' to X'FF' unassigned
        draft-03:
        o X'07' Command not supported
        o X'08' Address type not supported
        o X'09' to X'FF' unassigned
   o RSV    RESERVED
   o ATYP   address type of following address
        o IP V4 address: X'01'
        o DOMAINNAME: X'03'
        o IP V6 address: X'04'
   o BND.ADDR  server bound address
   o BND.PORT  server bound port in network octet order

Fields marked RESERVED (RSV) must be set to X'00'.
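As an added example (not code from either draft): a small Python codec for the ATYP-prefixed address format and the reply layout described above. It follows the draft-03 reading of ATYP X'03' (the first octet is the number of octets that follow) and includes the draft-03 reply codes X'07' and X'08'. An unknown ATYP is the condition a server would report as X'08'; a non-zero RSV is rejected outright. The function names, the sample reply bytes and the host names are constructed for this illustration.

```python
import ipaddress
import struct
from typing import Tuple

# REP values from the draft (draft-03 column; X'07' and X'08' are new there).
REP_CODES = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "Network unreachable",
    0x04: "Host unreachable",
    0x05: "Connection refused",
    0x06: "TTL expired",
    0x07: "Command not supported",
    0x08: "Address type not supported",
}

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def decode_address(buf: bytes, off: int) -> Tuple[str, int]:
    """Decode an ATYP-prefixed address starting at buf[off].

    Returns (address_text, offset_just_past_the_address).  For X'03' the
    octet after ATYP gives the number of name octets that follow.
    """
    if off >= len(buf):
        raise ValueError("missing ATYP octet")
    atyp = buf[off]
    if atyp == ATYP_IPV4:
        raw = buf[off + 1:off + 5]
        if len(raw) != 4:
            raise ValueError("truncated IPv4 address")
        return str(ipaddress.IPv4Address(raw)), off + 5
    if atyp == ATYP_IPV6:
        raw = buf[off + 1:off + 17]
        if len(raw) != 16:
            raise ValueError("truncated IPv6 address")
        return str(ipaddress.IPv6Address(raw)), off + 17
    if atyp == ATYP_DOMAIN:
        if off + 1 >= len(buf):
            raise ValueError("missing domain length octet")
        n = buf[off + 1]
        raw = buf[off + 2:off + 2 + n]
        if len(raw) != n:
            raise ValueError("truncated domain name")
        return raw.decode("ascii"), off + 2 + n
    # Not X'01', X'03' or X'04': a server answers this with REP X'08'.
    raise ValueError(f"unsupported ATYP {atyp:#04x}")


def encode_address(host: str) -> bytes:
    """Encode host as ATYP + address, picking the IPv4, IPv6 or domain form."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("ascii")
        if len(name) > 255:            # the length octet cannot exceed 255
            raise ValueError("domain name longer than 255 octets")
        return bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed


def parse_reply(buf: bytes) -> dict:
    """Parse a reply laid out as VER REP RSV ATYP BND.ADDR BND.PORT."""
    if len(buf) < 4:
        raise ValueError("reply shorter than the fixed header")
    ver, rep, rsv = buf[0], buf[1], buf[2]
    if ver != 0x05:
        raise ValueError(f"unexpected VER {ver:#04x}")
    if rsv != 0x00:
        raise ValueError("RSV must be X'00'")
    addr, off = decode_address(buf, 3)
    if off + 2 > len(buf):
        raise ValueError("truncated BND.PORT")
    (port,) = struct.unpack("!H", buf[off:off + 2])   # network octet order
    return {"rep": rep, "status": REP_CODES.get(rep, "unassigned"),
            "bnd_addr": addr, "bnd_port": port, "trailing": buf[off + 2:]}


if __name__ == "__main__":
    # Constructed reply: success, bound to example.com port 1080.
    reply = bytes([0x05, 0x00, 0x00]) + encode_address("example.com") + struct.pack("!H", 1080)
    print(parse_reply(reply))
```

Because the domain-name form is length-prefixed, every slice is bounds-checked before use; a reply that claims more octets than were received is rejected rather than read past the buffer.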
[... skipping to change at page 7, line 43 (draft-02) / page 7, line 46 (draft-03) ...]

   UDP DESTROY

   The UDP DESTROY request is used to destroy an existing association
   within the UDP relay process. The DST.ADDR and DST.PORT fields
   contain the address and port number of the UDP relay process
   corresponding to the association to destroy. Once a UDP ASSOCIATE
   request has been processed, the SOCKS client MUST terminate the
   connection.

Reply Processing
   (this heading appears in only one of the two drafts)

When a reply (REP value other than X'00') indicates a failure, the
SOCKS server MUST terminate the TCP connection shortly after sending
the reply. This must be no more than 10 seconds after detecting the
condition that caused a failure.

If the reply code (REP value of X'00') indicates a success, and the
request was either a BIND or a CONNECT, the client may now start
passing data. If the selected authentication method supports
encapsulation for the
[... skipping to change at page 8, line 25 (draft-02) / page 8, line 31 (draft-03) ...]

the reply to the UDP ASSOCIATE request. If the selected authentication
method provides encapsulation for the purposes of authenticity,
integrity, and/or confidentiality, the datagram MUST be encapsulated
using the appropriate encapsulation. Each UDP datagram carries a UDP
request header with it:

draft-02:
      +----+------+------+----------+----------+----------+
      |RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
      +----+------+------+----------+----------+----------+
      | 1  |  2   |  1   | Variable |    2     | Variable |
      +----+------+------+----------+----------+----------+

draft-03:
      +----+------+------+----------+----------+----------+
      |RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
      +----+------+------+----------+----------+----------+
      | 2  |  1   |  1   | Variable |    2     | Variable |
      +----+------+------+----------+----------+----------+

The fields in the UDP request header are:

   o RSV    Reserved X'0000'
   o FRAG   Current fragment number
   o ATYP   address type of following addresses:
        o IP V4 address: X'01'
        o DOMAINNAME: X'03'
        o IP V6 address: X'04'
[... skipping to change at page 9, line 10 (draft-02) / page 9, line 16 (draft-03) ...]

encapsulation.

The UDP relay server MUST acquire from the SOCKS server the expected
IP address of the client that will send datagrams to the BND.PORT
given in the reply to UDP ASSOCIATE. It MUST drop any datagrams
arriving from any source IP address other than the one recorded for
the particular association.

The FRAG field indicates whether or not this datagram is one of a
number of fragments.
   draft-02: The high-order bit indicates end-of-fragment sequence,
             while a value of X'00' indicates that this datagram is
             standalone.
   draft-03: If implemented, the high-order bit indicates
             end-of-fragment sequence, while a value of X'00'
             indicates that this datagram is standalone.
Values between 1 and 127 indicate the fragment position within a
fragment sequence. Each receiver will have a REASSEMBLY QUEUE and a
REASSEMBLY TIMER associated with these fragments. The reassembly queue
must be reinitialized and the associated fragments abandoned whenever
the REASSEMBLY TIMER expires, or a new datagram arrives carrying a
FRAG field whose value is less than the highest FRAG value processed
for this fragment sequence. The reassembly timer MUST be no less than
5 seconds. It is recommended that fragmentation be avoided by
applications wherever possible.

Implementation of fragmentation is optional; an implementation that
does not support fragmentation MUST drop any datagram whose FRAG field
is other than X'00'.
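As an added example (not code from either draft): a Python model of the relay-side handling the UDP paragraphs above require. It parses the header with the draft-03 layout (RSV 2 octets, FRAG 1 octet; the draft-02 row gives RSV a single octet although its value is X'0000'), drops datagrams from any source IP other than the recorded client, drops every fragment when fragmentation is not supported, and otherwise keeps one REASSEMBLY QUEUE that is reinitialized when the REASSEMBLY TIMER expires or a FRAG value lower than the highest already processed arrives. The class and function names, the injectable clock, the treatment of FRAG X'80' (end bit with position 0) as malformed, and the sample datagrams are all constructed for this illustration.

```python
import ipaddress
import struct
import time
from typing import Callable, List, Optional, Tuple

FRAG_END_BIT = 0x80          # high-order bit of FRAG: end of fragment sequence
REASSEMBLY_TIMEOUT = 5.0     # seconds; the draft requires no less than 5


def address_field_len(atyp: int, buf: bytes, off: int) -> int:
    """Octet length of the DST.ADDR field whose first octet is buf[off]."""
    if atyp == 0x01:
        return 4
    if atyp == 0x04:
        return 16
    if atyp == 0x03:
        if off >= len(buf):
            raise ValueError("missing domain length octet")
        return 1 + buf[off]       # length octet plus that many name octets
    raise ValueError(f"unsupported ATYP {atyp:#04x}")


def parse_udp_header(dgram: bytes) -> dict:
    """Split a datagram laid out as RSV(2) FRAG(1) ATYP(1) DST.ADDR DST.PORT(2) DATA."""
    if len(dgram) < 4:
        raise ValueError("datagram shorter than the fixed header")
    rsv, frag, atyp = struct.unpack("!HBB", dgram[:4])
    if rsv != 0:
        raise ValueError("RSV must be X'0000'")
    end = 4 + address_field_len(atyp, dgram, 4)
    if end + 2 > len(dgram):
        raise ValueError("truncated DST.ADDR or DST.PORT")
    (port,) = struct.unpack("!H", dgram[end:end + 2])
    return {"frag": frag, "atyp": atyp, "dst_addr": dgram[4:end],
            "dst_port": port, "data": dgram[end + 2:]}


class UdpAssociation:
    """Relay-side state for one UDP ASSOCIATE (constructed model): the client IP
    recorded from the SOCKS server plus a REASSEMBLY QUEUE and REASSEMBLY TIMER."""

    def __init__(self, client_ip: str, support_fragments: bool = True,
                 now: Callable[[], float] = time.monotonic) -> None:
        self.client_ip = ipaddress.ip_address(client_ip)
        self.support_fragments = support_fragments
        self.now = now            # injectable clock so the timer can be exercised
        self._reset()

    def _reset(self) -> None:
        """Reinitialize the queue, abandoning any fragments held in it."""
        self.queue: List[Tuple[int, bytes]] = []
        self.highest = 0          # highest FRAG position processed in this sequence
        self.deadline: Optional[float] = None

    def receive(self, src_ip: str, dgram: bytes) -> Optional[bytes]:
        """Return the payload to relay onward, or None if the datagram was dropped
        or is a fragment still waiting for the rest of its sequence."""
        # MUST drop datagrams from any source other than the recorded client.
        if ipaddress.ip_address(src_ip) != self.client_ip:
            return None
        hdr = parse_udp_header(dgram)
        frag = hdr["frag"]
        if frag == 0x00:
            return hdr["data"]    # standalone datagram, relay as-is
        if not self.support_fragments:
            return None           # fragmentation not implemented: MUST drop
        if self.deadline is not None and self.now() > self.deadline:
            self._reset()         # REASSEMBLY TIMER expired
        position = frag & 0x7F
        if position == 0:
            return None           # X'80': end bit with no position, treated as malformed
        if position < self.highest:
            self._reset()         # lower FRAG than already processed: new sequence
        if self.deadline is None:
            self.deadline = self.now() + REASSEMBLY_TIMEOUT
        self.queue.append((position, hdr["data"]))
        self.highest = position
        if frag & FRAG_END_BIT:
            payload = b"".join(d for _, d in sorted(self.queue, key=lambda t: t[0]))
            self._reset()
            return payload
        return None


if __name__ == "__main__":
    # Constructed three-fragment sequence to 198.51.100.1:53 from the recorded client.
    def dg(frag: int, data: bytes) -> bytes:
        return b"\x00\x00" + bytes([frag, 0x01, 198, 51, 100, 1]) + b"\x00\x35" + data

    assoc = UdpAssociation("192.0.2.10")
    for f, d in ((1, b"ab"), (2, b"cd"), (0x83, b"ef")):
        print(f, assoc.receive("192.0.2.10", dg(f, d)))
```

The source-address check happens before the header is parsed, so a datagram from an unexpected peer costs the relay nothing beyond the comparison. Since the FRAG value is chosen by the sender, the queue is bounded only by the timer; a production relay would also cap the number of buffered fragments per association, which is one reason the draft recommends that applications avoid fragmentation.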
The programming interface for a SOCKS-aware UDP MUST report an
available buffer space for UDP datagrams that is smaller than the
actual space provided by the operating system:
End of changes. 7 change blocks.
21 lines changed or deleted, 26 lines changed or added.

This html diff was produced by rfcdiff 1.34. The latest version is
available from http://tools.ietf.org/tools/rfcdiff/