SOCKS 4/4a Sample Filter

Microsoft Internet Security and Acceleration Server 2000

SOCKS 4/4a Sample Filter

This sample application filter demonstrates the use of SOCKS protocol version 4/4a. The filter hooks into the SOCKS control channel (TCP port 1080). For each connection made to this port, an object (CSocksConnection) is created. This object identifies calls to IFWXNetworkSocket::Connect and IFWXNetworkSocket::Bind and handles them.

When the CSocksConnection object detects a call to IFWXNetworkSocket::Connect, the filter creates a session for the client's IP address if it is needed; that is, if there is no session already connected to that IP address. The filter then creates a socket on this session and makes a connection to the destination address that was provided by the client in the IFWXNetworkSocket::Connect request.

When the Firewall service detects a call to IFWXNetworkSocket::Bind, the filter searches for the related session. This session should exist because IFWXNetworkSocket::Bind always comes after IFWXNetworkSocket::Connect.

If this session does not exist, the filter sends an error packet to the client. If the session does exist, the filter creates a socket and calls IFWXNetworkSocket::Bind, IFWXNetworkSocket::Listen, and IFWXNetworkSocket::Accept for the client. The filter then sends a reply to the client with the external address of the proxy server to which the external server should connect.

After accepting the connection from the server, the filter sends the client a second packet containing the internal address to which the client should send the data.

If the client sends a domain name rather than an IP address in one of these commands, a name resolution is performed by the SOCKS filter.

The sample only handles SOCKS 4/4a.