Microsoft Internet Security and Acceleration Server 2000

SOCKS 5 Sample Filter

This sample application filter demonstrates the use of the SOCKS 5 protocol. The filter hooks into the SOCKS control channel (TCP port 1080). For each connection made to this port, an object (CSocksConnection) is created. This object identifies calls to IFWXNetworkSocket::Connect and IFWXNetworkSocket::Bind and handles them.

First, there is a negotiation between the client and the SOCKS filter, which is acting as a SOCKS server. In the negotiation the client offers the server ways to authenticate the client. The server picks one way (in this sample, user name and password) and then the client sends the server a user name and password. The server checks the authentication and if this user is allowed to make a connection, the SOCKS protocol continues as in the SOCKS 4/4a protocol.
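
The negotiation described above, shown as an added C++ example that is not part of the ISA Server sample filter: it parses the client's method offer and the user name and password message, checking every length byte against the data actually received. The function names SelectMethod and ParseUserPass are hypothetical, the message layouts are those of RFC 1928 and RFC 1929, and each buffer is assumed to hold exactly one complete message.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Protocol constants from RFC 1928 (SOCKS 5) and RFC 1929 (user name/password).
constexpr uint8_t kSocksVersion = 0x05;
constexpr uint8_t kAuthVersion = 0x01;
constexpr uint8_t kMethodUserPass = 0x02;
constexpr uint8_t kMethodNoneAcceptable = 0xFF;

// Parses the client's offer (VER, NMETHODS, METHODS...) and returns the method
// byte for the server's reply: 0x02 if offered, otherwise 0xFF.
// Truncated or malformed input also yields 0xFF so the caller can close the connection.
uint8_t SelectMethod(const uint8_t* buf, size_t len) {
    if (len < 2 || buf[0] != kSocksVersion) return kMethodNoneAcceptable;
    size_t n = buf[1];
    if (n == 0 || len < 2 + n) return kMethodNoneAcceptable;  // NMETHODS exceeds data
    for (size_t i = 0; i < n; ++i)
        if (buf[2 + i] == kMethodUserPass) return kMethodUserPass;
    return kMethodNoneAcceptable;
}

// Parses the authentication request (VER, ULEN, UNAME, PLEN, PASSWD).
// ULEN and PLEN are validated before any byte they describe is read.
bool ParseUserPass(const uint8_t* buf, size_t len, std::string& user, std::string& pass) {
    if (len < 2 || buf[0] != kAuthVersion) return false;
    size_t ulen = buf[1];
    if (ulen == 0 || len < 2 + ulen + 1) return false;   // need UNAME plus the PLEN byte
    size_t plen = buf[2 + ulen];
    if (plen == 0 || len != 3 + ulen + plen) return false;
    user.assign(reinterpret_cast<const char*>(buf + 2), ulen);
    pass.assign(reinterpret_cast<const char*>(buf + 3 + ulen), plen);
    return true;
}

int main() {
    // Constructed sample messages, not captured traffic.
    const uint8_t greeting[] = {0x05, 0x02, 0x00, 0x02};
    const uint8_t auth[] = {0x01, 0x03, 'b', 'o', 'b', 0x02, 'p', 'w'};
    std::string user, pass;
    unsigned method = SelectMethod(greeting, sizeof greeting);
    int ok = ParseUserPass(auth, sizeof auth, user, pass);
    std::printf("method=0x%02X auth_ok=%d user=%s\n", method, ok, user.c_str());
    return 0;
}
```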

When the CSocksConnection object detects a call to IFWXNetworkSocket::Connect, the filter creates a session for the client's IP address if it is needed; that is, if there is no session already connected to that IP address. The filter then creates a socket on this session and makes a connection to the destination address that was provided by the client in the IFWXNetworkSocket::Connect request.

When the Firewall service detects a call to IFWXNetworkSocket::Bind, the filter searches for the related session. This session should exist because IFWXNetworkSocket::Bind always comes after IFWXNetworkSocket::Connect.

If this session does not exist, the filter sends an error packet to the client. If the session does exist, the filter creates a socket and calls IFWXNetworkSocket::Bind, IFWXNetworkSocket::Listen, and IFWXNetworkSocket::Accept for the client. The filter then sends a reply to the client with the external address of the proxy server to which the external server should connect.

After accepting the connection from the server, the filter sends the client a second packet with the internal address to which the client should send the data.

If, in one of these commands, the client sends a domain name instead of an IP address, a name resolution is performed by the SOCKS filter.

The sample only handles SOCKS 5.

Methods Used in SOCKS 5 Sample Filter

The SOCKS 5 sample uses the following methods:

IFWXImpersonator::Impersonate

IFWXImpersonator::RevertToSelf

IFWXIOBuffer::GetBufferAndSize

IFWXNetworkSocket::Accept

IFWXNetworkSocket::Bind

IFWXNetworkSocket::Connect

IFWXNetworkSocket::GetPeerName

IFWXNetworkSocket::GetSockName

IFWXNetworkSocket::Listen

IFWXNetworkSocket::SetPacketFilterOptions

IFWXSession::CreateNetworkSocket

IFWXSocket::Close

IFWXSocket::Recv

IFWXSocket::Send

IFWXFilter::AttachToSession

IFWXFilter::FilterInit

IFWXFilter::FilterShutdown

IFWXFilterAdmin::InstallFilter

IFWXFilterAdmin::UninstallFilter

IFWXFirewall::CreateBuffer

IFWXFirewall::CreateNetworkSocket

IFWXFirewall::CreatePrivateSession

IFWXFirewall::DuplicateFilterHookEvents

IFWXFirewall::EndHeavyBlockingOperation

IFWXFirewall::IsInternal

IFWXFirewall::StartHeavyBlockingOperation