diff options
author | Nick Mathewson <nickm@torproject.org> | 2004-06-17 18:11:31 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2004-06-17 18:11:31 +0000 |
commit | 620b4308ff08ff9923286ef2a9a7e219dabf621e (patch) | |
tree | a4051045cb60f93f7bc6c9872b5f26f371795d73 /doc/socks-extensions.txt | |
parent | bcc1e8bb6bff1c39966e3044c5d5c335e0ef823e (diff) | |
download | tor-620b4308ff08ff9923286ef2a9a7e219dabf621e.tar.gz tor-620b4308ff08ff9923286ef2a9a7e219dabf621e.zip |
document socks extensions and dns lookup code
svn:r1976
Diffstat (limited to 'doc/socks-extensions.txt')
-rw-r--r-- | doc/socks-extensions.txt | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/doc/socks-extensions.txt b/doc/socks-extensions.txt new file mode 100644 index 0000000000..fabf28f7a0 --- /dev/null +++ b/doc/socks-extensions.txt @@ -0,0 +1,60 @@ +$Id$ +Tor's extensions to the SOCKS protocol + +1. Overview + + The SOCKS protocol provides a generic interface for TCP proxies. Client + software connects to a SOCKS server via TCP, and requests a TCP connection + to another address and port. The SOCKS server establishes the connection, + and reports success or failure to the client. After the connection has + been established, the client application uses the TCP stream as usual. + + Tor supports SOCKS4 as defined in [1], SOCKS4A as defined in [2], and + SOCKS5 as defined in [3]. + + The stickiest issue for Tor in supporting clients, in practice, is forcing + DNS lookups to occur at the OR side: if clients do their own DNS lookup, + the DNS server can learn which addresses the client wants to reach. + SOCKS4 supports addressing by IPv4 address; SOCKS4A is a kludge on top of + SOCKS4 to allow addressing by hostname; SOCKS5 supports IPv4, IPv6, and + hostnames. + +1.1. Extent of support + + Tor supports the SOCKS4, SOCKS4A, and SOCKS5 standards, except as follows: + + BOTH: + - The BIND command is not supported. + + SOCKS4,4A: + - SOCKS4 usernames are ignored. + + SOCKS5: + - The (SOCKS5) "UDP ASSOCIATE" command is not supported. + - IPv6 is not supported in CONNECT commands. + - Only the "NO AUTHENTICATION" (SOCKS5) authentication method [00] is + supported. + +2. Name lookup + + As an extension to SOCKS4A and SOCKS5, Tor implements a new command value, + "RESOLVE" [F0]. When Tor receives a "RESOLVE" SOCKS command, it initiates + a remote lookup of the hostname provided as the target address in the SOCKS + request. The reply is either an error (if the address couldn't be + resolved) or a success response. In the case of success, the address is + stored in the portion of the SOCKS response reserved for remote IP address. + + (We support RESOLVE in SOCKS4A too, even though it is unnecessary.) + +3. HTTP-resistance + + Tor checks the first byte of each socks request to see whether it looks + more like an HTTP request (that is, it starts with a "G", "H", or "P"). If + so, Tor returns a small webpage, telling the user that his/her browser is + misconfigured. This is helpful for the many users who mistakenly try to + use Tor as an HTTP proxy instead of a SOCKS proxy. + +References: + [1] http://archive.socks.permeo.com/protocol/socks4.protocol + [2] http://archive.socks.permeo.com/protocol/socks4a.protocol + [3] SOCKS5: RFC1928 |