[jdev] SOCKS5 Bytestream File Transfer problem

Anthony Ortiz anthonypaulo at gmail.com
Fri Feb 25 16:50:16 CST 2005


Thanks for replying!

Yes, I am trying to open up a SOCKS5 connection to the hash value as
host : port 0 as per my understanding of the protocol :

*** QUOTE [http://www.jabber.org/jeps/jep-0065.html#proto-establish] ***

4.6 Target Establishes SOCKS5 Connection with StreamHost

[1] If the Target is willing to accept the bytestream, it MUST attempt
to open a standard TCP socket on the network address of the StreamHost
communicated by the Initiator. If the Initiator provides more than one
StreamHost, the Target SHOULD try to connect to them in the order they
occur.

...

[3] If the Target is able to open a TCP socket on a StreamHost, it
MUST utilize the SOCKS5 protocol specified in RFC 1928 [7] to
establish the connection with the StreamHost. In accordance with the
SOCKS5 RFC, the Target MAY have to authenticate in order to use the
proxy. However, any authentication required is beyond the scope of
this JEP.

[4] Once the Target has successfully authenticated with the Proxy
(even anonymously), it SHOULD send a CONNECT request to a host named:
SHA1(SID + Initiator JID + Target JID), port 0, where the SHA1 hashing
algorithm is specified by RFC 3174 [8]. The JIDs provided MUST be full
JIDs (i.e., <user@host/resource>); furthermore, in order to ensure
proper results, the appropriate stringprep profiles (as specified in
XMPP Core [9]) MUST be applied to the JIDs before application of the
SHA1 hashing algorithm.

[5] Example 14. Target Connects to StreamHost

CMD = X'01'
ATYP = X'03'
DST.ADDR = SHA1 Hash of: (SID + Initiator JID + Target JID)
DST.PORT = 0
    
[6] Example 15. StreamHost Acknowledges Connection

STATUS = X'00'
 
*** END QUOTE ***

At first, my understanding was that I should open a standard TCP
connection to the streamhost(s) (192.168.1.100:8010 in this particular
case) in order to test if the connection could be made (as per the
paragraph [1]). I did this at first and that part worked fine & was
able to connect, but then I stripped that code out because it seemed
redundant after I read paragraph [3] which states that I will have to
open a SOCKS5 connection to that streamhost anyway, and in the
following line refers to the streamhost as a "proxy".  To further
bolster the assumption that the streamhost (192.168.1.100:8010) is
actually a SOCKS5 proxy, paragraph [4] refers to actions following the
successful authentication with the "proxy". This is why I have the
following line in my code :

Proxy.setDefaultProxy(host, port); // sets SOCKS5 proxy to be 192.168.1.100:8010

Paragraph [4] clearly states that once I have authenticated with the
Proxy, I should connect to (and I quote) "a host named: SHA1(SID +
Initiator JID + Target JID), port 0, where the SHA1 hashing algorithm
is specified by RFC 3174 [8]. The JIDs provided MUST be full JIDs
(i.e., <user@host/resource>)".

So this tells me that the actual SOCKS5 host to connect to is the SHA1
hash of sid + from + to and that the port is 0. That is why I have the
following line in my code :

Socket ss = new SocksSocket(SocksHost, 0);

Paragraph [5] illustrates an example of the SOCKS5 connection, and it
further reinforces the idea of what the SOCKS5 host address and port
is :

*** QUOTE ***
DST.ADDR = SHA1 Hash of: (SID + Initiator JID + Target JID)
DST.PORT = 0
*** END QUOTE ***

The example in paragraph [5] details the underlying SOCKS5 data which
is detailed in http://www.faqs.org/rfcs/rfc1928.html and covered by
the SOCKS5 library, so I don't need to worry about sending raw SOCKS5
commands and such, the library does that for me.

So do I have this whole thing figured out wrong?? I read and re-read
the whole thing several times, and it could be that I'm just plain
dumb, but I've tried to detail my understanding of the protocol as
best as possible in the hopes that someone can point out where I'm
going wrong.

Thanks!!! :)

Anthony

p.s. btw Justin... great work on the PSI client! I downloaded it
yesterday and it's a hell of a client! Beats the exodus and Disney Go
clients I had been using in the past. Also, I read your article
yesterday regarding the "sad state of jabber"
(http://delta.affinix.com/docs/sadstate.html) as well as some other
articles. Good stuff man, keep up the good work!

On Fri, 25 Feb 2005 12:38:30 -0800, Justin Karneges
<justin-keyword-jabber.093179 at affinix.com> wrote:
> On Friday 25 February 2005 04:45 am, Anthony Ortiz wrote:
> > // using libidn/java/gnu/inet/encoding/Stringprep.java -- too boring
> > to implement, thk god I found this!
> > String SocksHost = SHA1(sid + Stringprep.nameprep(from + to)); // HASH
> > OUTPUT=9134A1B74EB358B866C604B1E1B0DDEE0D664967
> 
> > host = 192.168.1.100
> > port = 8010
> > // using http://lightning.prohosting.com/~kirillka/SOCKS/SOCKSLib.html
> > SOCKS5 library. thk god for this too!
> > Proxy.setDefaultProxy(host, port);
> > Socket ss = new SocksSocket(SocksHost, 0);  // <-- Unknown Host Exception
> 
> I don't understand this code.  What is Proxy?
> 
> It looks to me like you're creating a Socket that is trying to physically
> connect to that hash value (SocksHost) as a host, which is not going to work
> at all.  What you want to do is physically connect to 192.168.1.100, and then
> send the hash value in a packet over this connection.
> 
> -Justin
>
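Added example, not part of either post and not code from the SOCKS library mentioned in the thread: the exchange Justin describes, written against plain java.net.Socket. The TCP connection goes to the StreamHost address, and the SHA1 value only ever appears as DST.ADDR inside the CONNECT packet, so it is never resolved as a hostname. The class and method names, the sample SID and JIDs, UTF-8 input and lowercase hex output are assumptions made for this illustration.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class Socks5BytestreamTarget {
    // DST.ADDR from quoted paragraph [4]: SHA1(SID + Initiator JID + Target JID).
    // Assumptions: JIDs are already stringprep'd full JIDs, UTF-8 input, lowercase hex.
    static String dstAddr(String sid, String initiator, String target) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1")
                .digest((sid + initiator + target).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : d) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // RFC 1928 request: VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name),
    // one length byte, the 40 hash characters, then DST.PORT=0 as two bytes.
    static byte[] connectRequest(String hash) {
        byte[] name = hash.getBytes(StandardCharsets.US_ASCII);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(new byte[] {0x05, 0x01, 0x00, 0x03, (byte) name.length}, 0, 5);
        out.write(name, 0, name.length);
        out.write(new byte[] {0x00, 0x00}, 0, 2);
        return out.toByteArray();
    }

    // Runs the exchange over a TCP socket already connected to the StreamHost.
    static void negotiate(Socket streamHost, String hash) throws IOException {
        DataInputStream in = new DataInputStream(streamHost.getInputStream());
        OutputStream out = streamHost.getOutputStream();
        out.write(new byte[] {0x05, 0x01, 0x00});    // offer one method: no authentication
        out.flush();
        if (in.readUnsignedByte() != 0x05 || in.readUnsignedByte() != 0x00)
            throw new IOException("StreamHost did not accept the no-authentication method");
        out.write(connectRequest(hash));              // the hash travels inside this packet
        out.flush();
        int ver = in.readUnsignedByte(), rep = in.readUnsignedByte();
        if (ver != 0x05 || rep != 0x00) throw new IOException("CONNECT failed, REP=" + rep);
        in.readUnsignedByte();                        // RSV
        int atyp = in.readUnsignedByte();             // then BND.ADDR and BND.PORT
        int len = atyp == 0x03 ? in.readUnsignedByte() : atyp == 0x01 ? 4 : 16;
        in.readFully(new byte[len + 2]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the thread.
        String hash = dstAddr("sid-1", "initiator@example.com/a", "target@example.org/b");
        System.out.println(hash + " -> " + connectRequest(hash).length + " request bytes");
        if (args.length == 2)                         // e.g. 192.168.1.100 8010
            try (Socket s = new Socket(args[0], Integer.parseInt(args[1]))) { negotiate(s, hash); }
    }
}
```

Run without arguments it only prints the hash and the request length (47 bytes); with a host and port it performs the negotiation against that StreamHost.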


