by Tim Speckhals
The Purpose of the 1-Route Protocol is to allow unreachable locations to be reached anyways using a proxy server.
- Your server is being null-routed and you want your files to be accessable whilst you move them to a new location
- Your ISP doesn't allow incoming connections but you want to expose a local service to the public
| Name | Author | Language(s) | Info |
|---|---|---|---|
| 1-Route Implementation | timmyRS | Java | Proxy and Target in one. |
The 1-Route Protocol is a big endian protocol. The default port is 197.
| Type | Content |
|---|---|
unsigned short |
The length of the Packet. |
byte |
The ID of the Packet. |
byte array |
The Data of the Packet. |
| Type | Content |
|---|---|
byte |
Protocol Version of the target. The newest is 1. |
unsigned short |
The length of the following string. 0 (no password) may be accepted by the proxy, but an IP Filter is recommended in that case. |
string |
The UTF-8 bytes of the password. |
byte |
The kind of connection this is. See below. |
unsigned short |
Only sent if the connection is a Proxy Connection. This specifies the port this connection is for. |
| Byte | Name |
|---|---|
0x00 |
Control Connection |
0x01 |
Proxy Connection |
This can be sent at any point by the target to tell the proxy to start accepting connections to certain ports.
| Type | Content |
|---|---|
byte |
The length of the following array |
unsigned short |
Array of ports the proxy shall open and proxy to the target |
When the packet has been processed, even when no ports were specified, the proxy will send 0x01 Unaccepted Ports to notify of any ports that could not be opened.
This can be sent at any point by the target to tell the proxy to stop accepting connection to certain ports without closing the control connection.
| Type | Content |
|---|---|
byte |
The length of the following array |
unsigned short |
Array of ports the target will no longer accept and can therefore be closed |
boolean |
If true, connections on the port must also be closed. |
| Type | Content |
|---|---|
boolean |
Whether the authentication was successful |
byte |
If the previous is false, this specifies the reason for it. See below. |
unsigned short |
If the previous is 0x00, this specifies the length of the |
string |
UTF-8 bytes of the reason why the authentication failed |
If the authentication was unsucessful, the connection should be closed by the proxy.
If the authentication was for a Proxy Connection, it should be ensured that the entire packet has been read, as the following data will be the raw bytes sent by the client.
| Byte | Name |
|---|---|
0x01 |
IP-Address or Range not allowed |
0x02 |
Protocol Version not supported |
0x03 |
Incorrect Password |
0x00 |
Other |
| Type | Content |
|---|---|
byte |
The length of the following array |
unsigned short |
Array of ports which could not be opened |
Sent after the target sent 0x01 Ports to Open to notify of any ports that could not be opened.
| Type | Content |
|---|---|
unsigned short |
The port which the client has connected to and the local connection would be opened to |
It is recommened to check if the port had been sent in Ports to Open to prevent unwanted connections which seemingly come from localhost.
Client # Reverse Proxy # <-----------------> # Target
# # #
# # <- Auth ----------- #
# # -- Auth Response -> #
# Opens the given ports # <- Ports to Open -- #
Connects to Proxy # # -------- Connect -> #
# # # Opens a new connection to the proxy
# # <-- Auth ---------- #
# # -- Auth Response -> # Opens a local connection to the given port
# Starts proxying # #
-------------- Bytes of any other Protocol -> # Proxies the bytes to the local connection
# # #
- When a local connection of the target is closed, the connection to the proxy should be closed.
- When a proxy connection to the proxy is closed, the proxy should disconnect the client associated with it.
- When the control connection of a target is closed, the proxy should close the ports opened by the target and disconnect all clients connected to the target.