[Standards] XEP-0065: SOCKS5 acknowledgement after stream activation

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Mon May 7 23:33:03 UTC 2007


On Monday 07 May 2007 3:51 pm, Peter Saint-Andre wrote:
> Peter Saint-Andre wrote:
> > Jakob Schroeter wrote:
> >> Hi,
> >>
> >> On Tue May 1 2007, Justin Karneges wrote:
> >>> On Monday 30 April 2007 3:37 pm, Jakob Schroeter wrote:
> >>>> However, it seems this is not inline with the SOCKS5 spec[1], e.g.
> >>>> immediately after the proxy acknowledged the connection to the target
> >>>> (Section 4.6 in XEP-0065) the stream is ready to be used as far as
> >>>> SOCKS5 is concerned. So calling this a 'SOCKS5 acknowledgement' is
> >>>> wrong, IMHO.
> >>>
> >>> You're right, this looks like a goof.  Example 19 and the text above it
> >>> should be removed I think, although I have not double-checked with my
> >>> own code.
> >>>
> >>>> Further, it appears neither of the clients I tested against
> >>>> (Iris/Kopete/Psi, Gajim, Tkabber) nor proxy65 are sending or expecting
> >>>> such additional byte/s (if it were SOCKS5, it'd be at least two bytes:
> >>>> X'05', X'00').
> >>>
> >>> The SOCKS5 snippets in the XEP use a short-hand, they do not describe
> >>> entire packets.  I believe the "STATUS = X'00'" refers to the entire
> >>> response packet, and that is just the only field we care about.  E.g.
> >>> this would have been the same as the meaning of Example 15.
> >>>
> >>>> Is this a left-over from an earlier revision? Would people be
> >>>> interested in a (in-band?) stream-active notification from stream
> >>>> host to target?
> >>>
> >>> For what purpose?
> >>
> >> A simple file retrieval protocol could use it, similar to the good old
> >> 'fax polling'. Anyway, I was just wondering about this when
> >> implementing 0065, and it'd be fine with me if Example 19 would be
> >> removed as you proposed.
> >
> > That seems correct.
>
> Er, no, I think it's a simple copy-and-paste error, where I didn't
> change "Target" to "Initiator". The text should say:
>
> ******
>
> The Proxy MUST then send SOCKS5 acknowledgement of the connection to the
> Initiator.
>
> Example 19. StreamHost Acknowledges Connection to Initiator
>
> STATUS = X'00'
>
> ******

In the Iris implementation, the SOCKS5 handshake between the initiator and the 
streamhost must complete before the initiator sends the <activate> request 
over XMPP.

From section 4.8: "If the StreamHost used is a Proxy, the Initiator MUST 
authenticate and establish a connection with the StreamHost before requesting 
that the StreamHost activate bytestream."  I read "authenticate and 
establish" to mean the entire process of the SOCKS5 handshake, including 
acks.  This would mean that the ack would occur during 4.8, and has no place 
in 4.9.

I vote we drop example 19, and possibly clarify section 4.8.

-Justin
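
Added example, not part of the original message and not Iris code: a sketch of the initiator-side check discussed in this thread, parsing the proxy's complete SOCKS5 replies (RFC 1928 layout) and treating the handshake as finished, so that `<activate>` may be sent, only after both have arrived with success codes. The function names, the sample SID and JIDs, and the proxy echoing the hash in BND.ADDR are assumptions.

```python
import hashlib

def parse_method_reply(buf):
    """Method-selection reply: VER, METHOD. Returns (method, rest) or None if incomplete."""
    if len(buf) < 2:
        return None
    if buf[0] != 0x05:
        raise ValueError("not a SOCKS5 reply")
    return buf[1], buf[2:]

def parse_connect_reply(buf):
    """CONNECT reply: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT.
    Returns (rep, bnd_addr, bnd_port, rest) or None if more bytes are needed."""
    if len(buf) < 5:
        return None
    ver, rep, _rsv, atyp = buf[:4]
    if ver != 0x05:
        raise ValueError("not a SOCKS5 reply")
    if atyp == 0x03:                      # domain name: one length octet first
        start, alen = 5, buf[4]
    elif atyp in (0x01, 0x04):            # IPv4 / IPv6 literal
        start, alen = 4, (4 if atyp == 0x01 else 16)
    else:
        raise ValueError("unknown ATYP")
    end = start + alen + 2
    if len(buf) < end:
        return None
    return rep, buf[start:start + alen], int.from_bytes(buf[end - 2:end], "big"), buf[end:]

def ready_to_activate(received):
    """True only once both replies from the proxy are complete and successful."""
    step = parse_method_reply(received)
    if step is None:
        return False
    method, rest = step
    if method != 0x00:
        raise ValueError("proxy did not accept the no-authentication method")
    reply = parse_connect_reply(rest)
    if reply is None:
        return False
    if reply[0] != 0x00:
        raise ValueError("CONNECT refused, REP=%#04x" % reply[0])
    return True

# Constructed sample: SID and JIDs are made up; DST.ADDR follows XEP-0065
# (hex SHA-1 of SID + Initiator JID + Target JID), port 0.
ADDR = hashlib.sha1(b"sid1" b"initiator@example.com/a" b"target@example.org/b").hexdigest().encode()
SAMPLE = b"\x05\x00" + b"\x05\x00\x00\x03" + bytes([len(ADDR)]) + ADDR + b"\x00\x00"
```

A lone `X'00'` byte never parses as a reply here, which is the shorthand-versus-packet distinction made earlier in the thread.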


