Uwe
The idea of replacing shared library routines with firewall implementations
was proposed on the firewalls list some time ago by Mark Verber of
Xerox. He contributed the source code for a connect() replacement which is
able to talk to Sun's Igateway telnet proxy server.
You write about some problems you faced:
>
> - The clients can't call the SOCKSinit()-function that sets a
> global variable which is needed by the other SOCKS-functions.
>
> The solution was to "hardcode" this value into the
> SOCKS-functions at compile-time (#define).
>
There are variants of the SOCKS package where SOCKSinit() is also used to
pass certain client-specific information to the SOCKS server, e.g.
an identification of the client program for the purpose of logging on the
server side.
> - Rconnect uses the original connect to access the proxy-server.
>
> I don't have the source code for Sun's "libc", so I had to
> "guess" the source for the original connect. I compiled it
> under a different name and included this object in "libc".
> (It would be great, if someone can provide the original
> Sun sources for connect and bind.)
>
You could circumvent this by invoking syscall(2) for connect. This is an
extract of the proxy connect() referred to above:
#include <sys/syscall.h>     /* SYS_connect */
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>          /* syscall() */

/* Enter the kernel directly, bypassing whatever connect() the
 * replacement libc exports, so the proxy code can reach the
 * proxy server without recursing into itself. */
static int ReallyConnect(int s, struct sockaddr *name, int namelen)
{
    return syscall(SYS_connect, s, name, namelen);
}
> The other SOCKS-functions (bind, listen, accept) are needed
> for FTP (ftp, xmosaic, ...). "Bind" is used by TCP and UDP(!).
> The UDP-usage of bind causes the SOCKS-bind to fail. I programmed
> a switch that uses the original bind for UDP and the SOCKS-version
> for TCP.
>
Allowing UDP across a firewall is yet another discussion in the firewalls
list ...
Regards,
Heinz Naef, nexos ag Frobenstrasse 66, CH-4053 Basel, Switzerland
Phone: +41 61 283-5500 - Fax: +41 61 271-9600
Internet: whna@nexos.com - X.400: C=ch; A=arCom; P=EUnet; O=nexos; S=whna
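The two techniques discussed in the message above, reaching the kernel's own socket call through syscall(2) and switching bind() between the kernel version for UDP and the SOCKS version for TCP, combined into one runnable example. This is added illustration code, not Uwe's replacement libc, Mark Verber's proxy connect() or any SOCKS library source. The names really_bind(), socks_bind(), is_stream_socket(), proxy_bind() and demo_path() are assumptions for this example; socks_bind() is only a placeholder for the SOCKS library's Rbind() and binds locally so the program runs offline; and SYS_bind is assumed to be a direct system call (true on x86_64 Linux), with an ENOSYS fallback where the platform multiplexes through socketcall(2). The socket type is recovered with getsockopt(SO_TYPE), which is how a replacement bind() can decide without any hint from the caller.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Which path a bind() request was routed to (assumed names). */
enum bind_path { BIND_PATH_KERNEL = 0, BIND_PATH_SOCKS = 1 };

/* Kernel bind(), bypassing whatever bind symbol libc exports.  Assumes
 * SYS_bind is a direct system call (x86_64 Linux); on platforms that go
 * through socketcall(2) there is no SYS_bind, so report ENOSYS. */
static int really_bind(int s, const struct sockaddr *name, socklen_t namelen)
{
#ifdef SYS_bind
    return (int)syscall(SYS_bind, s, name, namelen);
#else
    (void)s; (void)name; (void)namelen;
    errno = ENOSYS;
    return -1;
#endif
}

/* Placeholder for the SOCKS library's Rbind().  A real one would ask the
 * SOCKS server to listen on the client's behalf; this stand-in binds
 * locally so the example runs without a proxy. */
static int socks_bind(int s, const struct sockaddr *name, socklen_t namelen)
{
    return really_bind(s, name, namelen);
}

/* 1 for SOCK_STREAM (TCP), 0 for any other type (UDP etc.), -1 on error. */
int is_stream_socket(int s)
{
    int type = 0;
    socklen_t len = sizeof type;
    if (getsockopt(s, SOL_SOCKET, SO_TYPE, &type, &len) < 0)
        return -1;
    return type == SOCK_STREAM;
}

/* The switch from the message: UDP sockets go to the kernel's bind(),
 * TCP sockets to the SOCKS version.  *taken records the path chosen. */
int proxy_bind(int s, const struct sockaddr *name, socklen_t namelen, int *taken)
{
    int stream = is_stream_socket(s);
    if (stream < 0)
        return -1;                      /* not a socket, or fd is closed */
    if (stream) {
        *taken = BIND_PATH_SOCKS;
        return socks_bind(s, name, namelen);
    }
    *taken = BIND_PATH_KERNEL;
    return really_bind(s, name, namelen);
}

/* Create a socket of the given type, bind it to 127.0.0.1 on an ephemeral
 * port through proxy_bind(), and return the path taken (-1 if no socket). */
int demo_path(int socktype)
{
    struct sockaddr_in sin;
    int taken = -1;
    int s = socket(AF_INET, socktype, 0);
    if (s < 0)
        return -1;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = 0;                   /* let the kernel pick a port */
    if (proxy_bind(s, (struct sockaddr *)&sin, sizeof sin, &taken) < 0)
        perror("bind");                 /* path is still recorded */
    close(s);
    return taken;
}

int main(void)
{
    printf("UDP socket: path %d (0 = kernel bind)\n", demo_path(SOCK_DGRAM));
    printf("TCP socket: path %d (1 = SOCKS bind)\n", demo_path(SOCK_STREAM));
    return 0;
}
```

In a replacement libc the function would be compiled under the name bind itself; it is called proxy_bind() here so the example can coexist with the system library in one program.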