
Re: [msmtp-users] Proxy support patch



On Mon, Oct 13, 2014 at 10:29:13PM +0200, Martin Lambers wrote:
> Hi!
> 
> I don't use a proxy myself; I have a few questions about SOCKS support
> in general and your patch in particular:
> 
> 1. Is there any need for anything except SOCKS5? It has been around for
> ages, does anybody really still need SOCKS4?

AFAIK, SOCKS4 is totally dead. Some older systems still do SOCKS4a, but
it's not that common. It was already implemented so I kept it.

> 2. Nobody protects the SOCKS5 protocol with TLS, right?

I'm sure there exists *some* person who does this, but it's not common
in the slightest.

> 3. Is there a valid use case for SOCKS5 authentication? It only
> supports unprotected user/password transmission (well, and GSSAPI, but
> nobody uses that). This makes it pretty useless.

It's really not any more work to do the basic user/password
authentication than it is to do the normal protocol. It just adds one
extra step.

> If we only need SOCKS5 without TLS and possibly also without
> authentication, then SOCKS5 integration could be done by only
> extending net_open_socket(), as sketched in the attached
> patch. Or am I missing something?
> 
> Martin

That's about how my patch goes, except that I do it at the bottom
instead of the top of the function. I also just modify the one place
that gets the canonical name to return localhost.

If you have HAVE_PROXY defined, all net_open_socket does is call
net_connect_proxy, which in turn looks up the IP address from the string
of the proxy value given, in a way I know won't ping the DNS server,
then calls net_connect to make the connection, and runs tunnel_to, which
is what the pseudo-code is doing. I just didn't want a million-line
net_open_socket function. It's really long as it is.

The code in proxy.c works just fine for the SOCKS5 with no
authentication case already. The really horrible stuff is in the HTTP
connect proxy area. Even the SOCKS4 code is OK-ish. You can just take
the one good case out of the switch and save the effort of writing it.
You could even make the buffer that handles the responses and everything
way smaller because the max size it could be is ~275 characters; the
size of what you can fit into an unsigned char plus the few extra octets
to store the request type and port.

CustaiCo
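As an added example (not code from the msmtp patch, from proxy.c, or from either poster), here are encoders for the two SOCKS5 messages the reply discusses beyond the greeting, the RFC 1929 user/password "extra step" and a CONNECT that sends the host as a domain name so the proxy resolves it, plus a reply parser that derives the buffer bound from the encoding itself (4 header bytes + 1 length octet + up to 255 name bytes + 2 port bytes). Function names and the sample values in the comments are mine, not the project's.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Largest SOCKS5 reply (RFC 1928): VER REP RSV ATYP + name length + 255-byte name + port. */
enum { SOCKS5_MAX_REPLY = 4 + 1 + 255 + 2 };

/* RFC 1929 user/password subnegotiation, sent after the server picks method 0x02.
 * Returns bytes written, or 0 if a field will not fit its 1-byte length octet. */
size_t socks5_userpass(uint8_t *buf, const char *user, const char *pass)
{
    size_t ul = strlen(user), pl = strlen(pass);
    if (ul == 0 || ul > 255 || pl > 255) return 0;   /* refuse, never truncate */
    buf[0] = 0x01;                                   /* subnegotiation version */
    buf[1] = (uint8_t)ul;
    memcpy(buf + 2, user, ul);
    buf[2 + ul] = (uint8_t)pl;
    memcpy(buf + 3 + ul, pass, pl);
    return 3 + ul + pl;
}

/* CONNECT request with the host as a domain name (ATYP 0x03): the proxy
 * resolves it, so the client performs no local DNS lookup for the target. */
size_t socks5_connect(uint8_t *buf, const char *host, uint16_t port)
{
    size_t hl = strlen(host);
    if (hl == 0 || hl > 255) return 0;
    buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; buf[3] = 0x03;
    buf[4] = (uint8_t)hl;
    memcpy(buf + 5, host, hl);
    buf[5 + hl] = (uint8_t)(port >> 8);             /* port is big-endian */
    buf[6 + hl] = (uint8_t)(port & 0xff);
    return 7 + hl;
}

/* Parse a reply held in buf[0..n). Returns the REP code (0 = succeeded) or -1
 * when the bytes seen so far are not a complete, well-formed reply; *len gets
 * the full reply length, which can never exceed SOCKS5_MAX_REPLY. */
int socks5_parse_reply(const uint8_t *buf, size_t n, size_t *len)
{
    size_t addrlen;
    if (n < 4 || buf[0] != 0x05 || buf[2] != 0x00) return -1;
    switch (buf[3]) {
    case 0x01: addrlen = 4; break;                              /* IPv4 */
    case 0x03: if (n < 5) return -1; addrlen = 1 + buf[4]; break; /* domain */
    case 0x04: addrlen = 16; break;                             /* IPv6 */
    default:   return -1;
    }
    *len = 4 + addrlen + 2;
    return n < *len ? -1 : buf[1];
}
```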