|
A BIND request is used
in protocols that require the client to accept inbound connection from
the application server. For instance, FTP
uses a client-to-server outbound connection for command and a server-to-client
inbound connection for transferring data.
After a CONNECT request
has been granted, the client can send a BIND
request to prepare for inbound connections from the application server.
The client will usually listen to calls from the application on a new socket,
and use the existing primary connection created with CONNECT
to inform the application server about its new socket's IP address and
PORT number.
The following BIND request
should be encapsulated according to the authentication method with the
following format:
+----+-----+-------+------+----------+----------+ |VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT | +----+-----+-------+------+----------+----------+ 1 1 `0x00` 1 Variable 2
where:
VER: 0x05 SOCKS protocol version number
CMD: Command code 0x02 for BIND
request
RSV: RESERVED
ATYP: Destination address type
DST.ADDR: Destination address
DST.PORT: Destination port
The client includes the IP address and the port number of the destination host, and a userid, in the following format:
+-----+----+----+----+----+----+----+----+----+----+....+----+ | VER | CD | DSTPORT | DSTIP | USERID |NULL| +-----+----+----+----+----+----+----+----+----+----+....+----+ 1 1 2 4 variable 1
where:
VER: SOCKS protocol version number (1 byte)
CD: Command code 2 for BIND
request
DSTIP: Destination port number (2 bytes)
DSTIP: Destination IPv4 address (4 bytes)
USERID: A RFC
1413 user id
NULL: The \0 character
In SOCKS Protocol
Version 4A, a BIND request can also include the application
server domain name instead of relying on its IP address. In that case,
DSTIP should consist of three NULL bytes and
a non-zero value.
The corresponding IP address in DSTIP (0.0.0.x)
becomes inadmissible and the application domain name should be attached
after the NULL byte, with its own NULL byte.
+-----+----+----+----+----+----+----+----+----+----+....+----+----+----+....+----+ | VER | CD | DSTPORT | DSTIP | USERID |NULL| DOMAIN |NULL| | | | |NULL|NULL|NULL|[^0]| | | | | +-----+----+----+----+----+----+----+----+----+----+....+----+----+----+....+----+ 1 1 2 4 variable 1 variable 1
This is useful when the client cannot resolve the destination host's domain
name to find its IP address. When DSTIP represents an invalid
IP address, the server should resolve the domain name before proxying the
requests.
A reply packet is sent to the client to inform about the connection status. Two replies are sent from the SOCKS server to the client when:
+----+-----+-------+------+----------+----------+ |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT | +----+-----+-------+------+----------+----------+ 1 1 `0x00` 1 Variable 2
where:
VER: SOCKS Protocol Version: 0x05
REP: Reply field
RSV: RESERVED (0x00)
ATYP: Address type
BND.ADDR: Server bound address
BND.PORT: Server bound port
The code REP might have one of the following values:
0x00: succeeded
0x01: general SOCKS server failure
0x02: connection not allowed by ruleset
0x03: Network unreachable
0x04: Host unreachable
0x05: Connection refused
0x06: TTL expired
0x07: Command not supported
0x08: Address type not supported
0x09 to 0xFF unassigned
When a reply from the SOCKS server indicates a failure, the SOCKS server MUST terminate the TCP connection immediately after sending the reply.
If the reply code to a BIND request indicates a success (REP
is 0x00), the client may now start passing data.
After the first BIND reply, the client can use BND.ADDR
and BND.PORT to notify the application server of the rendezvous
address through the primary connection. In the second BIND
reply, the BND.PORT and BND.ADDR fields contain
the address and port number of the connecting host.
+-----+-----+----+----+----+----+----+----+ | VER | REP | DSTPORT | DSTIP | +-----+-----+----+----+----+----+----+----+ 1 1 2 4
where:
VER: Version of the reply code (always 0)
REP: The response code
DSTPORT: Server bound port
DSTIP: Server bound address
As with CONNECT, the response code REP might
have one of the following values.
identd
on the client
identd
report different user-ids
If the request failed, the SOCKS server closes its connection immediately after notifying the client with codes 91, 92, or 93.
When the request is successful, the server obtains its own socket to wait
for incoming connections from the application server. The information about
this socket is sent to the client through DSTPORT and DSTIP
so that the client can use it in communications with the application server.
When the DSTIP is INADDR_ANY = 0,
the client should replace it with the IP address of the SOCKS server.
When the connection from the application server is established, the SOCKS
server sends a second response to the client. If the host that connected
to the SOCKS server does not match the application host specified in the
BIND request, the CD field is set to 91,
and both connections are closed.
If the host matches the application server, the SOCKS server starts to relay traffic on both connections. Thus, the client can now perform I/O operations on the same connection as if it were directly connected to the application server.
For the BIND operation, the server sets a time limit of 2
minutes for the establishment of its connection with the application server.
If the connection is still not established when the time limit expires,
the server closes its connection to the client and gives up.