Cullen Programming

JAVA Internet Proxy Server


Design Notes, Known Problems and Limitations


General Limitations

Default storage allocation is 64M bytes for product execution. This should accommodate normal traffic for up to 10 connected client computers. The value is user modifiable and can be easily adjusted higher.

The maximum message length that will be captured during Instant Messaging tracing will be limited to 4K bytes of data. This is needed to prevent virtual memory saturation.


JAVA Run Environment on Windows platforms prior to Win/98 Second Edition

You may have to locate the pathname of the "java.exe" program and list it in your PATH, and locate the pathname of the "rt.jar" file and list it in your CLASSPATH environment variable, if these are not already set.
If typing "java" loads the java program and displays its HELP, then your PATH is OK.
Otherwise, use the following commands to locate the two components:

dir java.exe /s
dir rt.jar /s


Windows Environmental Space on Windows pre-XP platforms

Environmental Space is virtual storage set aside for accommodating global variables used by various operating system tasks and applications. If running Windows or MS-DOS you may want to ensure that you have a sufficient amount of this storage allocated on your machine. You can easily increase your machine's default to 4K bytes by adding the following line to your CONFIG.SYS file:

SHELL=C:COMMAND.COM /E:4096 /P

This will give you 4096 bytes of Environmental Space.

Now either run AUTOEXEC.BAT, or reboot, and your environment is ready.


Linux platforms

There currently is no support for invoking a registered browser application to display selected websites chosen from the logging. You must cut and paste the http address from the log into your browser address box to display a selected site.


Known General Problems

Due to a known problem with the JAVA virtual machine, if the IP connection to your Internet Service Provider is not established prior to starting PServer, then the PServer application will not be able to resolve the correct ISP-supplied IP address. The JAVA VM cache mechanism retains the IP address of 0.0.0.0 that existed prior to you dialing the Internet Service Provider.

Furthermore, if the leased IP address given to a machine running PServer over a dial-up connection is changed, either through the Internet Service Provider or the Server dropping the link and the machine redialing, then a new IP address will be leased by the Internet Service Provider and this will not be reflected in the PServer tasks. The JAVA Virtual Machine will not recognize that an IP change occurred even though an explicit query is made by the PServer application. The JAVA VM holds the last value in its cache mechanism and this is the value that will be returned.

The JAVA virtual machine should invalidate this information after some short interval, recheck its accuracy, or give the developer the option of invalidating that information. Sun Microsystems is aware of this problem and is working towards resolving it. They have documented a circumvention (detailed in the discussion below) to modify the caching values. Otherwise, you must stop PServer and restart it, thus forcing a refreshed JAVA Virtual Environment with a correct IP address.


HTTP Protocol

Due to a known problem with the JAVA virtual machine, if an IP connection fails due to an unresolved DNS name or IP address, then that address will continue to fail even when the site becomes resolvable again. The JAVA VM cache mechanism retains the unresolved status and returns the same with each attempt to reach the affected site. The JAVA virtual machine should invalidate this information after some short interval, recheck its accuracy, or give the developer the option of invalidating that information. Sun Microsystems is aware of this problem and is working towards resolving it. Sun's Developer Connection posts this as a temporary circumvention:

Change the following line in the file JAVA.SECURITY in the JRE lib, and activate it by removing the comment indicator in column 1.

networkaddress.cache.negative.ttl=-1
    to
networkaddress.cache.negative.ttl=0

HTTP Protocol with Netscape Navigator release 7 (and above), Mozilla and Internet Explorer release 6 (and above).


Telnet Protocol

Quiescing the proxy server will not immediately terminate current Telnet sessions. The Telnet user must have a program running that performs some console I/O or the user must cause a keyboard interrupt. Upon sensing this the proxy will terminate the Telnet session and complete the Quiesce. This has an impact on Quiesce followed by Resume. No problems occur where a Quiesce is followed by a Stop.


SMTP/POP3 Protocol

No known problems

SOCKSv5 Protocol

No known problems


FTP Protocol

Initiating an FTP transfer by way of an HTTP ftp://GET... is not yet supported.


Sun Microsystems InetAddress Caching (JAVA Security file)

The InetAddress class has a cache to store successful as well as unsuccessful host name resolutions. The positive caching is there to guard against DNS spoofing attacks, while the negative caching is used to improve performance.

By default, the results of positive host name resolutions are cached forever, because there is no general rule to decide when it is safe to remove cache entries. The result of an unsuccessful host name resolution is cached for a very short period of time (10 seconds) to improve performance.

Under certain circumstances where it can be determined that DNS spoofing attacks are not possible, a Java security property can be set to a different Time-to-live (TTL) value for positive caching. Likewise, a system admin can configure a different negative caching TTL value when needed.

Two Java security properties control the TTL values used for positive and negative host name resolution caching:

networkaddress.cache.ttl (default: -1) Indicates the caching policy for successful name lookups from the name service. The value is specified as an integer to indicate the number of seconds to cache the successful lookup.

A value of -1 indicates "cache forever".

networkaddress.cache.negative.ttl (default: 10) Indicates the caching policy for unsuccessful name lookups from the name service. The value is specified as an integer to indicate the number of seconds to cache the failure for unsuccessful lookups.
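
The two properties above, and the JAVA.SECURITY circumvention given under HTTP Protocol, can also be inspected and overridden from code with java.security.Security. The following is an added example, not PServer or Sun code; the class name DnsCachePolicy and the 60-second positive TTL are assumptions chosen for illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Security;

public class DnsCachePolicy {   // hypothetical class name
    static final String POSITIVE = "networkaddress.cache.ttl";
    static final String NEGATIVE = "networkaddress.cache.negative.ttl";

    // Translate a raw TTL value into the caching policy it selects.
    static String describe(String name, String raw) {
        if (raw == null) {
            return name + " is not set; the JVM's built-in default applies";
        }
        try {
            int ttl = Integer.parseInt(raw.trim());
            if (ttl < 0)  return name + "=" + ttl + " -> cache forever";
            if (ttl == 0) return name + "=0 -> never cache";
            return name + "=" + ttl + " -> cache for " + ttl + " seconds";
        } catch (NumberFormatException e) {
            return name + "=" + raw + " -> not an integer";
        }
    }

    public static void main(String[] args) {
        // What the java.security file currently supplies.
        System.out.println("file:     " + describe(POSITIVE, Security.getProperty(POSITIVE)));
        System.out.println("file:     " + describe(NEGATIVE, Security.getProperty(NEGATIVE)));

        // Override before the first name lookup in this JVM, so the new
        // values are in place when the address cache policy is initialised.
        // A finite positive TTL gives up the spoofing protection that
        // "cache forever" provides, in exchange for noticing IP changes.
        Security.setProperty(POSITIVE, "60");  // constructed value
        Security.setProperty(NEGATIVE, "0");   // value from the circumvention above
        System.out.println("override: " + describe(POSITIVE, Security.getProperty(POSITIVE)));
        System.out.println("override: " + describe(NEGATIVE, Security.getProperty(NEGATIVE)));

        // "localhost" is used so the example runs without a network.
        String host = args.length > 0 ? args[0] : "localhost";
        try {
            InetAddress addr = InetAddress.getByName(host);
            System.out.println(host + " -> " + addr.getHostAddress());
        } catch (UnknownHostException e) {
            System.out.println(host + " did not resolve; with a negative TTL of 0 "
                    + "the next attempt queries the name service again");
        }
    }
}
```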

