[vworld-tech] Telnet negotiation

Jon Leonard jleonard at slimy.com
Sun Jan 25 16:33:50 PST 2004 

On Sun, Jan 25, 2004 at 02:16:41PM -0500, Brian Hook wrote:
[first class = real telnet]
> > For the first class, you bascially send the IAC,WILL,ECHO and
> > IAC_WONT,ECHO sequences to turn off and on local echo.  There's a
> > bit of a complication involving acks that I'll get to later.
>
> This is what I'm currently leaning towards -- I send the
> IAC,WILL/WONT,ECHO, and that's it.  If the client isn't smart enough
> to enable/disable echo appropriately, one of two things happen:
>
> - no more local echo, player can't see shit, they need to get a new
> client

Right.  Fortunately these clients can just be handled by a server-side
hack.

> - password is cleartext on their side.  That's probably only
> marginally less secure than using telnet in the first place =)

Yeah, I occasionally think about setting up SSH tunnels & such, but it
hasn't yet been worth the effort.

> >  So you either detect early on that it's not a real telnet client
> > and don't bother, or you try once, and the (lack of) response tells
> > you to not try again.
>
> Is there any harm in trying again?  I only ever send IAC during
> password entry, so I would have one spurious IAC going over, which
> shouldn't cause problems on non-compliant clients right?  (Given that
> the first IAC has to be at least ignored, in theory the second one
> will be as well).

Probably no harm.  Well, stupid line-at-a-time clients will show a few
characters of trash.  I avoid trying again partially because I'm trying for
RFC compliance, and partially because it can't help.

> BTW, I handle char-at-a-time transparently by buffering in my kernel
> and sending only completed lines to the input handler.

Sensible.  There are a couple of remaining catches with that:

*) You need to handle control characters like backspace.  My handler discards
any control characters other thank backspace, delete, control-U, control-W,
tab, and bell.

*) It is possible for multiple lines to arrive in the same packet, and the
buffering shouldn't discard subsequent commands.  (This happens if someone
pastes in a sequence of commands, for example.)

*) It may interact oddly with the usual filtering for nul-after
carriage-return, and doubling "latin small letter y with diaeresis" (IAC).

> > The last bit covers negotiations for options other than ECHO.
>
> What other options do people tend to monkey with?  At this point I'm
> so gunshy about telnet screwups that I'm tempted to just ditch option
> negotiation altogether unless I know I'm connected to my custom
> client.

Well, it's not really that hard.  I think I've listed all of the potential
problems, and it is nice to be able to have more or less any text client
work 'right'.  All the other options are significantly less useful, though
some of the screen-size stuff might be, and turing on binary (for iso-latin-1)
could be useful.

Jon Leonard

More information about the vworld-tech mailing list