> From whna @ nexos . com Thu Aug 5 14:54:44 1993
> You could circumvent this by invoking syscall(2) for connect. This is an
> extract of the proxy connect() referred to above:
>
Thanks a lot for the source code. It looks very similar to my "guess".
> > The other SOCKS-functions (bind, listen, accept) are needed
> > for FTP (ftp, xmosaic, ...). "Bind" is used by TCP and UDP(!).
> > The UDP-usage of bind causes the SOCKS-bind to fail. I programmed
> > a switch that uses the original bind for UDP and the SOCKS-version
> > for TCP.
> >
> Allowing UDP across a firewall is yet another discussion in the firewalls
> list ...
>
Yes, I know. I certainly don't want to allow UDP across the firewall.
The problem is that bind is used for TCP *and* UDP. Almost
every TCP-client uses bind with UDP (e.g. for DNS-queries).
So I programmed the switch that checks if the bind is for TCP.
If it is TCP (acceptable for the SOCKS-proxy), the SOCKS-bind
is called; if it is UDP or something else unacceptable for the
firewall, the original bind is called.
Uwe Ellermann
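
The TCP/UDP switch described in this message, sketched as an added example; it is not part of the original post and not the author's code. It assumes the socket type is read with getsockopt(SO_TYPE) and an IPv4-only proxy; `socks_bind_stub`, `classify_bind`, `switched_bind` and `demo` are hypothetical names.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum route { ROUTE_SOCKS, ROUTE_ORIGINAL, ROUTE_ERROR };
static int socks_calls; /* how often the SOCKS path was taken */

/* Hypothetical stand-in for the SOCKS library's bind (assumption): a real
 * one would ask the proxy to listen on the client's behalf. */
static int socks_bind_stub(int fd, const struct sockaddr *sa, socklen_t len)
{
    (void)fd; (void)sa; (void)len;
    socks_calls++;
    return 0;
}

/* Only an IPv4 stream socket counts as TCP; SOCK_STREAM on AF_UNIX does not. */
enum route classify_bind(int fd, const struct sockaddr *sa)
{
    int type = 0;
    socklen_t len = sizeof type;
    if (sa == NULL || getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) < 0)
        return ROUTE_ERROR;
    if (sa->sa_family == AF_INET && type == SOCK_STREAM)
        return ROUTE_SOCKS;
    return ROUTE_ORIGINAL;
}

int switched_bind(int fd, const struct sockaddr *sa, socklen_t len)
{
    switch (classify_bind(fd, sa)) {
    case ROUTE_SOCKS:    return socks_bind_stub(fd, sa, len);
    case ROUTE_ORIGINAL: return bind(fd, sa, len); /* UDP etc. stay local */
    default:             return -1;
    }
}

/* Constructed self-check: bind a socket of the given type to the wildcard
 * address, ephemeral port; returns SOCKS-path calls made, or -1 on error. */
int demo(int type)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, type, 0), before = socks_calls, rc;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET; /* port 0, INADDR_ANY */
    rc = switched_bind(fd, (struct sockaddr *)&sin, sizeof sin);
    if (fd >= 0) close(fd);
    return rc < 0 ? -1 : socks_calls - before;
}
```

Because the decision is made per socket rather than per program, a client's DNS lookups over UDP keep using the local bind while its TCP listeners are handed to the proxy, and nothing UDP is forwarded across the firewall.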