Advanced IBM i JT400 - Part 2. (SOCKS5)
NOTE: This is a continuation of Advanced IBM i JT400 networking.
In this chapter we cover advanced JT400 usage with the SOCKS5 support added by Green Screens Ltd.
In the beginning, it took a lot of magic to make it work for the internal needs of our Green Screens Server. After every JT400 library update we had to repeat the same code update process over and over again.
The solution we had was not good enough to release to the public. However, after JT400 migrated to GitHub and some of the code and build process were refactored, it became easier for us to maintain the changes our product requires internally. Over time, the solution was polished, optimized and finally shared with the public.
How does it work?
For this solution to work properly, the IBM i server must be running the SSHD service.
From the client side, open an SSH tunnel in daemon mode to forward all incoming connections through the SSH encrypted channel to the other side.
ssh -D 5000 ibmuser@ibmserver -p22 -gfTN
The command above connects to ibmserver as the user ibmuser and starts an SSH process that listens on port 5000 for SOCKS5 protocol connections and runs as a background service in daemon mode. The -g flag lets other hosts connect to the forwarded port; leave it out if only programs on the local machine need the tunnel.
With the Green Screens Ltd. contribution to the JT400 library, only a minimal one-line change is required to use an SSH connection in SOCKS5 mode.
import com.ibm.as400.access.AS400;
// localhost is the address as seen from SSHD running on IBM i
final AS400 as400 = new AS400("localhost", "demo", "demo");
// here localhost is the SOCKS5 service running on the local machine
as400.setSock5Server("localhost:5000");
System.out.println(as400.validateSignon());
as400.close();
A simple example for AS400JPing is similar...
import com.ibm.as400.access.AS400;
import com.ibm.as400.access.AS400JPing;
// localhost is the address as seen from SSHD running on IBM i
final AS400JPing pingObj = new AS400JPing("localhost", AS400.CENTRAL, false);
// ==>>> easy
pingObj.setSock5Server("localhost:5000");
pingObj.setPrintWriter(System.out);
pingObj.ping(AS400.CENTRAL);
pingObj.ping(AS400.SIGNON);
pingObj.ping(AS400.COMMAND);
pingObj.ping(AS400.FILE);
pingObj.ping(AS400.PRINT);
pingObj.ping(AS400.RECORDACCESS);
To use AS400JDBCDriver...
import java.sql.Connection;
import java.sql.DriverManager;
// preload and register the driver
Class.forName("com.ibm.as400.access.AS400JDBCDriver");
// driver URL with the proxy used as SOCKS5
final String jdbcUrl = "jdbc:as400://localhost;use sock5=true;proxy server=localhost:5000";
// final connection
final Connection conn = DriverManager.getConnection(jdbcUrl, "demo", "demo");
// ... do SQL query
To use AS400JDBCDataSource...
import com.ibm.as400.access.AS400JDBCDataSource;
// localhost is the address as seen from SSHD running on IBM i
AS400JDBCDataSource ds = new AS400JDBCDataSource("localhost");
// the same property is used for proxy and sock5
ds.setProxyServer("localhost:5000");
// flag to tell how to use proxy value (as sock5 or proxy)
ds.setUseSock5(true);
ds.setUser("demo");
ds.setPassword("demo");
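Before pointing JT400 at the tunnel, it helps to confirm which host servers are actually reachable through it. The following is an added example, not part of the original article or of JT400: it uses only the JDK's built-in SOCKS support, and the class name TunnelPreflight, the default non-TLS host server ports and the 3-second timeout are assumptions.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: reports which IBM i host servers answer through the SOCKS5 tunnel.
public class TunnelPreflight {

    // Assumed default (non-TLS) ports of the services pinged with AS400JPing above.
    static final Map<String, Integer> SERVICES = new LinkedHashMap<>();
    static {
        SERVICES.put("as-central (CENTRAL)", 8470);
        SERVICES.put("as-signon (SIGNON)", 8476);
        SERVICES.put("as-rmtcmd (COMMAND)", 8475);
        SERVICES.put("as-file (FILE)", 8473);
        SERVICES.put("as-netprt (PRINT)", 8474);
        SERVICES.put("ddm (RECORDACCESS)", 446);
    }

    /** Returns true if a TCP connection to host:port can be opened via the SOCKS proxy. */
    static boolean reachable(Proxy socks, String host, int port, int timeoutMs) {
        try (Socket s = new Socket(socks)) {
            // Unresolved address: the host name is sent to the proxy and resolved at the
            // far end of the tunnel, so "localhost" means the IBM i system itself.
            s.connect(InetSocketAddress.createUnresolved(host, port), timeoutMs);
            return true;
        } catch (IOException e) {
            // Proxy not listening, tunnel down, or target port closed or filtered.
            return false;
        }
    }

    public static void main(String[] args) {
        // Values taken from the page: tunnel on local port 5000, target "localhost".
        Proxy socks = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 5000));
        for (Map.Entry<String, Integer> e : SERVICES.entrySet()) {
            boolean ok = reachable(socks, "localhost", e.getValue(), 3000);
            System.out.printf("%-24s port %-5d %s%n",
                    e.getKey(), e.getValue(), ok ? "reachable" : "NOT reachable");
        }
    }
}
```

If every service shows as not reachable, the tunnel itself is the likely cause; if only some do, the corresponding host servers are probably not started on the IBM i side.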
AF_UNIX for UNIX/Linux
The above is just part of the story. We also added support for UNIX/Linux AF_UNIX sockets (not fully tested), a type of connection that uses inter-process communication without going through the network stack.
For example, many databases allow direct connections for internal services: applications written in Node.js, Go, Rust, etc. that run as a service connected to the database can use AF_UNIX for better performance.
Since SSH itself does not support such an approach, Green Screens developed its own encrypted tunnel for internal needs, a version of Shadowsocks with SOCKS5 and AF_UNIX support, which allows Green Screens Server to connect to the AF_UNIX process for the encrypted tunnel at the other side.
The principle is to start Green Screens Server and Green Screens Tunnel inside a cloud, for example, and then a second Green Screens Tunnel at the IBM i server side of the network, to allow encrypted connections. Such a system would even allow direct connections with the original, unmodified JT400.
The latest JT400 source with the Green Screens Ltd. changes can be found at our JTOpen GitHub repository.
For anyone interested in getting involved or commenting, please check our pull request at the original IBM JTOpen repository: Add SOCK5 and UNIX channels support to JT400