1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-12-22 07:38:52 -05:00
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@818 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Peter Saint-Andre 2007-05-08 18:09:38 +00:00
parent 80d54e4f38
commit 6def0b3d27

View File

@ -28,6 +28,12 @@
&dizzyd;
&linuxwolf;
&stpeter;
<revision>
<version>1.7pre1</version>
<date>in progress, last updated 2007-05-08</date>
<initials>psa</initials>
<remark>Incorporated errata: specified format for SHA1 output; specified BND.ADDR and BND.PORT for SOCKS5 reply; removed extraneous SOCKS5 acknowledgement example from Section 4.9; clarified rules for creation of SOCKS5 connection request in Section 4.6; added examples to Section 4.8; specified that ATYP value is hardcoded to 3 in this usage.</remark>
</revision>
<revision>
<version>1.6</version>
<date>2004-11-12</date>
@ -386,7 +392,13 @@
</iq>
]]></example>
<p>If the Target is able to open a TCP socket on a StreamHost, it MUST utilize the SOCKS5 protocol specified in &rfc1928; to establish the connection with the StreamHost. In accordance with the SOCKS5 RFC, the Target MAY have to authenticate in order to use the proxy. However, any authentication required is beyond the scope of this document.</p>
<p>Once the Target has successfully authenticated with the Proxy (even anonymously), it SHOULD send a CONNECT request to a host named: SHA1(SID + Initiator JID + Target JID), port 0, where the SHA1 hashing algorithm is specified by &rfc3174;. The JIDs provided MUST be full JIDs (i.e., &lt;user@host/resource&gt;); furthermore, in order to ensure proper results, the appropriate stringprep profiles (as specified in &xmppcore;) MUST be applied to the JIDs before application of the SHA1 hashing algorithm.</p>
<p>Once the Target has successfully authenticated with the Proxy (even anonymously), it SHOULD send a CONNECT request to the appropriate host in order to continue the negotiation. The following rules apply:</p>
<ol>
<li>The hostname MUST be SHA1(SID + Initiator JID + Target JID) where the definition of the SHA1 hashing algorithm is as specified by &rfc3174; and the output is hexadecimal-encoded (not binary).</li>
<li>The port MUST be 0 (zero).</li>
<li>The JIDs provided MUST be the JIDs used for the IQ exchange, which MAY be full JIDs (&FULLJID;) or bare JIDs (&BAREJID;).</li>
<li>The appropriate stringprep profiles (as specified in &xmppcore;) MUST be applied to the JIDs before application of the SHA1 hashing algorithm.</li>
</ol>
<example caption='Target Connects to StreamHost'><![CDATA[
CMD = X'01'
ATYP = X'03'
@ -396,11 +408,7 @@ DST.PORT = 0
<example caption='StreamHost Acknowledges Connection'><![CDATA[
STATUS = X'00'
]]></example>
<!--
<example caption='StreamHost Acknowledges Request'><![CDATA[
STATUS = X'00'
]]></example>
-->
<p>When replying to the client in accordance with Section 6 of <cite>RFC 1928</cite>, the StreamHost SHOULD set the BND.ADDR and BND.PORT to the values provided by the client in the connection request.</p>
</section2>
<section2 topic='Target Acknowledges SOCKS5 Connection' anchor='proto-ack'>
<p>After the Target has authenticated with the StreamHost, it MUST send an IQ-result to the Initiator indicating which StreamHost was used.</p>
@ -418,7 +426,16 @@ STATUS = X'00'
the Target.</p>
</section2>
<section2 topic='Initiator Establishes SOCKS5 Connection with StreamHost' anchor='proto-initiator'>
<p>If the StreamHost used is a Proxy, the Initiator MUST authenticate and establish a connection with the StreamHost before requesting that the StreamHost activate bytestream. The Initiator will establish a connection to the SOCKS5 proxy in the same way the Target did, passing the same value for the CONNECT request.</p>
<p>If the StreamHost used is a Proxy, the Initiator MUST authenticate and establish a connection with the StreamHost before requesting that the StreamHost activate bytestream. The Initiator will establish a connection to the SOCKS5 proxy in the same way the Target did (passing the same value for the CONNECT request), as shown in the following examples.</p>
<example caption='Initiator Connects to StreamHost'><![CDATA[
CMD = X'01'
ATYP = X'03'
DST.ADDR = SHA1 Hash of: (SID + Initiator JID + Target JID)
DST.PORT = 0
]]></example>
<example caption='StreamHost Acknowledges Connection to Initiator'><![CDATA[
STATUS = X'00'
]]></example>
</section2>
<section2 topic='Activation of Bytestream' anchor='proto-activation'>
<p>In order for the bytestream to be used, it MUST first be activated by the StreamHost. If the StreamHost is the Initiator, this is straightforward and does not require any in-band protocol. However, if the StreamHost is a Proxy, the Initiator MUST send an in-band request to the StreamHost. This is done by sending an IQ-set to the Proxy, including an &lt;activate/&gt; element whose XML character data specifies the full JID of the Target.</p>
@ -439,10 +456,6 @@ STATUS = X'00'
from='proxy.host3'
to='initiator@host1/foo'
id='activate'/>
]]></example>
<p>The Proxy MUST then send SOCKS5 acknowledgement of the connection to the Target.</p>
<example caption='StreamHost Acknowledges Connection to Target'><![CDATA[
STATUS = X'00'
]]></example>
<p>If the Proxy cannot fulfill the request, it MUST return an IQ-error to the Initiator; the following conditions are defined:</p>
<ul>
@ -699,20 +712,20 @@ DATA = (payload)
<table caption='Request/Parameter Mapping for CONNECT'>
<tr><th>Parameter</th><th>Value</th></tr>
<tr><td>CMD</td><td>1 (CONNECT)</td></tr>
<tr><td>ATYP</td><td>1 (IP V4), 3 (DOMAINNAME), or 4 (IP V6)</td></tr>
<tr><td>ATYP</td><td>Hardcoded to 3 (DOMAINNAME) in this usage</td></tr>
<tr><td>DST.ADDR</td><td>SHA1 Hash of: (SID + Initiator JID + Target JID)</td></tr>
<tr><td>DST.PORT</td><td>0</td></tr>
</table>
<table caption='Request/Parameter Mapping for UDP ASSOCIATE'>
<tr><th>Parameter</th><th>Value</th></tr>
<tr><td>CMD</td><td>3 (UDP ASSOCIATE)</td></tr>
<tr><td>ATYP</td><td>1 (IP V4), 3 (DOMAINNAME), or 4 (IP V6)</td></tr>
<tr><td>ATYP</td><td>Hardcoded to 3 (DOMAINNAME) in this usage</td></tr>
<tr><td>DST.ADDR</td><td>SHA1 Hash of: (SID + Initiator JID + Target JID)</td></tr>
<tr><td>DST.PORT</td><td>0</td></tr>
</table>
<table caption='Request/Parameter Mapping for UDP Packets'>
<tr><th>Parameter</th><th>Value</th></tr>
<tr><td>ATYP</td><td>1 (IP V4), 3 (DOMAINNAME), or 4 (IP V6)</td></tr>
<tr><td>ATYP</td><td>Hardcoded to 3 (DOMAINNAME) in this usage</td></tr>
<tr><td>DST.ADDR</td><td>SHA1 Hash of: (SID + Initiator JID + Target JID)</td></tr>
<tr><td>DST.PORT</td><td>0 or 1, for payload or initialization packets, respectively.</td></tr>
</table>