This protocol provides a framework for client-server
applications in both the TCP and UDP domains to conveniently and securely use
the services of a network firewall. The protocol is conceptually a "shim-layer"
between the application layer and the transport layer, and as such does not
provide network layer gateway services, such as forwarding of ICMP messages.
SOCKS Version 4 provides unsecured firewall traversal for TCP-based
client-server applications, including TELNET, FTP, and protocols such as HTTP,
WAIS and GOPHER. This version of SOCKS extends the SOCKS Version 4 model to
include UDP, and extends the framework to include provisions for generalized
strong authentication schemes. It also adapts the addressing scheme to encompass
domain-name and V6 IP addresses.
The implementation of the SOCKS protocol typically involves
the recompilation or relinking of TCP-based client applications to use the
appropriate encapsulation routines in the SOCKS library.
Protocol Structure for TCP-based Clients
Version identifier/method selection message:
| 1 byte  | 1 byte   | 1-225 bytes |
| Version | NMethods | Methods     |
Version
The version is 05.
NMethods
The NMETHODS field contains the number of method identifier octets that appear
in the METHODS field.
The method selection message:
| 1 byte  | 1 byte |
| Version | Method |
Methods
Possible values for methods are:
| 00      | No authentication required   |
| 01      | GSSAPI                       |
| 02      | Username/Password            |
| 3       | IANA assigned                |
| 4 to FE | Reserved for private methods |
| FF      | No acceptable methods        |
Socks Request Message
| 1 byte  | 1 byte | Value of 0 | 1 byte | Variable | 2 bytes  |
| Version | CMD    | Rsv        | ATYP   | DST addr | DST Port |
Version
The Protocol version is 5.
CMD
Possible values for the CMD field are:
| 01 | CONNECT       |
| 02 | BIND          |
| 03 | UDP ASSOCIATE |
Reserved
The value of this field is 0.
ATYP
Address type of the following address:
| 01 | IP V4 address |
| 03 | DOMAINNAME    |
| 04 | IP V6 address |
Destination Address
The destination address desired.
Destination Port
The desired destination port in network octet order.
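The request layout above, as an added Python example that is not part of the original page: a strict parser that rejects malformed requests (wrong version, non-zero reserved byte, unknown command or address type, truncated or over-long address). It assumes, per RFC 1928, that a DOMAINNAME address is prefixed by a one-octet length; `parse_request`, `SocksError` and the sample messages are constructed for illustration.

```python
import ipaddress
import struct

CMDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}

class SocksError(ValueError):
    """Raised when a request violates the field layout described above."""

def parse_request(buf: bytes) -> dict:
    """Parse one SOCKS request: Version, CMD, Rsv, ATYP, DST addr, DST Port."""
    if len(buf) < 4:
        raise SocksError("truncated header")
    ver, cmd, rsv, atyp = buf[:4]
    if ver != 5:
        raise SocksError(f"bad version {ver}")
    if cmd not in CMDS:
        raise SocksError(f"unknown command {cmd:#04x}")
    if rsv != 0:
        raise SocksError("reserved byte must be 0")
    body = buf[4:]
    if atyp == 0x01:      # IP V4 address: 4 octets
        alen, decode = 4, lambda b: str(ipaddress.IPv4Address(b))
    elif atyp == 0x04:    # IP V6 address: 16 octets
        alen, decode = 16, lambda b: str(ipaddress.IPv6Address(b))
    elif atyp == 0x03:    # DOMAINNAME: first octet is the name length (assumption from RFC 1928)
        if not body:
            raise SocksError("missing domain length")
        alen, body = body[0], body[1:]
        if alen == 0:
            raise SocksError("empty domain name")
        decode = lambda b: b.decode("ascii")
    else:
        raise SocksError(f"unsupported address type {atyp:#04x}")
    # Exact-length check: no truncated address and no trailing bytes
    if len(body) != alen + 2:
        raise SocksError("length does not match address type")
    try:
        addr = decode(body[:alen])
    except UnicodeDecodeError:
        raise SocksError("non-ASCII domain name") from None
    (port,) = struct.unpack("!H", body[alen:])   # network octet order
    return {"cmd": CMDS[cmd], "atyp": atyp, "addr": addr, "port": port}

# Constructed sample messages (not captured traffic)
SAMPLE_V4 = bytes([5, 1, 0, 1, 192, 0, 2, 10]) + struct.pack("!H", 443)
SAMPLE_DOMAIN = b"\x05\x01\x00\x03\x0bexample.org" + struct.pack("!H", 80)
```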
Socks Reply Message
| 1 byte  | 1 byte | Value of 0 | 1 byte | Variable | 2 bytes  |
| Version | REP    | RSV        | ATYP   | BND addr | BND Port |
Version
The protocol version is 5.
REP
The reply field.
Possible values for the reply field are:
| 00       | Succeeded                         |
| 01       | General SOCKS server failure      |
| 02       | Connection not allowed by ruleset |
| 03       | Network unreachable               |
| 04       | Host unreachable                  |
| 05       | Connection refused                |
| 06       | TTL expired                       |
| 07       | Command not supported             |
| 08       | Address type not supported        |
| 09 to FF | Unassigned                        |
RSV
Reserved, the value of this field is 0.
ATYP
Address type of the following address:
| 01 | IP V4 address |
| 03 | DOMAINNAME    |
| 04 | IP V6 address |
BND Address
Server bound address.
BND Port
Server bound port in network octet order.
Protocol Structure for UDP-based Clients
Each UDP datagram carries a UDP request header
with it:
UDP Request Header
| 2 bytes | 1 byte | 1 byte | Variable | 2 bytes  | Variable |
| RSV     | FRAG   | ATYP   | DST Addr | DST Port | Data     |
RSV
This field is reserved. Its value is 0000.
FRAG
This field contains the current fragment number, and indicates whether the
datagram is one of a number of fragments.
ATYP
Address type of the following address:
| 01 | IP V4 address |
| 03 | DOMAINNAME    |
| 04 | IP V6 address |
DST addr
Desired destination address.
DST Port
Desired destination port.
Data
User data.