[icq-devel] direct connections behaviour when using a proxy



Mark van Cuijk webmaster at phedny.zzn.com
Wed Dec 11 15:06:01 CET 2002


Hi,

As far as I'm reading this, it seems to me you're using a SOCKS proxy server. I don't know about SOCKS version 4, but in version 5 it goes like this:

When the program wishes to use a SOCKS proxy to accept connections, it will establish a (second) connection to the proxy server. Instead of issuing the "connect" command, it issues a "listen" command. The proxy server will (or will not) allow the actions and starts listening on a random port. It then informs the client which IP-address and port can be used. The client then has to inform the other client somehow about this port, probably using another connection via the proxy server. Then, when there is an incoming connection on the "external side" of the proxy, it informs the client about this event and the proxy starts relaying messages over this (second) connection.

With (active) FTP it flows like this:
1. Client connects to proxy (1) and issues a connect call to the server
2. Proxy connects to the server
3. Client makes another connection to proxy (2) and issues a listen call
4. Proxy returns IP/port-pair
5. Client passes this combination on to the server via proxy (connection 1)
6. Server connects to this port on the given IP
7. Proxy informs client about this
8. Connection 2 is used for data transfer

For the proxy, the only difference is the beginning. For normal operations ("connect") the client connects to the proxy, then the proxy connects to the server. After this, it will only relay data in two directions. For "listen" actions, the client connects to the proxy and retrieves an IP/port-pair. The server connects to this IP/port-pair and the proxy informs the client about it. After this, it will only relay data in two directions (again).

Now, let's get to ICQ (I didn't test this, but I assume it's going like this):
1. ICQ connects to proxy (1) and issues a connect call to the server
2. Proxy connects to the server
3. When a direct connection needs to be established (normally ICQ starts listening on a port), it connects to the proxy again (connection 2)
4. Proxy returns IP/port-pair
5. Client passes this combination on to the other client (via the server on connection 1)
6. Remote client connects to this port on the given IP
7. Proxy informs client about this
8. Connection 2 can now be used as client-to-client connection

As you see, in this way ICQ does not listen on any port, it's the proxy who is listening and ICQ only has outgoing connections (to the proxy).

More about SOCKS v5 can be found on ftp://ftp.isi.edu/in-notes/rfc1928.txt

- Mark
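
Added example, not part of the original message: the wire format behind the "listen" step, which RFC 1928 names BIND (command code 0x02) and which the proxy answers with two replies, first the address and port it is listening on and later the address of the host that connected. The sketch encodes the request, parses both replies, and checks that the connecting host is the expected peer; all addresses and ports are constructed sample values and the function names are illustrative.

```python
import ipaddress
import struct

CMD_BIND = 0x02                      # RFC 1928 command code for the "listen" step
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def encode(code, host, port):
    """VER, CMD-or-REP, RSV, ATYP, ADDR, PORT: requests and replies share this layout."""
    ip = ipaddress.ip_address(host)
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return bytes([5, code, 0, atyp]) + ip.packed + struct.pack("!H", port)

def parse_reply(data):
    """Decode one reply and return (rep, addr, port, bytes_consumed)."""
    if len(data) < 5 or data[0] != 5:
        raise ValueError("truncated or not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_DOMAIN:
        start, alen = 5, data[4]     # one length octet precedes the name
    elif atyp == ATYP_IPV4:
        start, alen = 4, 4
    elif atyp == ATYP_IPV6:
        start, alen = 4, 16
    else:
        raise ValueError("unknown address type")
    end = start + alen + 2
    if len(data) < end:
        raise ValueError("truncated reply")
    raw = data[start:start + alen]
    addr = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    return rep, addr, struct.unpack("!H", data[end - 2:end])[0], end

def bind_exchange(stream, expected_peer):
    """Walk the two replies to one BIND: listening endpoint, then connecting host."""
    rep, listen_addr, listen_port, used = parse_reply(stream)
    if rep != 0:
        raise ConnectionError(f"proxy refused BIND (REP={rep})")
    rep, peer_addr, peer_port, _ = parse_reply(stream[used:])
    if rep != 0:
        raise ConnectionError(f"incoming connection failed (REP={rep})")
    return {"advertise": (listen_addr, listen_port),   # goes to the other side (step 5)
            "peer": (peer_addr, peer_port),            # who actually connected (step 7)
            "peer_expected": peer_addr == expected_peer}

# Constructed sample values (documentation address ranges), not captured traffic.
REQUEST = encode(CMD_BIND, "198.51.100.7", 4000)
REPLIES = encode(0, "203.0.113.10", 40123) + encode(0, "198.51.100.7", 51515)
RESULT = bind_exchange(REPLIES, "198.51.100.7")
```

A client that finds `peer_expected` false can close connection 2 rather than treat an unknown host as the direct-connection partner.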