Jingle (XEP-0166)  defines a framework for negotiating and managing data sessions over XMPP. In order to provide a flexible framework, the base Jingle specification defines neither data transport methods nor application formats, leaving that up to separate specifications. The current document defines a transport method for establishing and managing data exchanges between XMPP entities using the existing SOCKS5 Bytestreams (S5B) protocol specified in SOCKS5 Bytestreams (XEP-0065) . This "jingle-s5b" method results in a streaming transport method suitable for use in Jingle application types where packet loss cannot be tolerated (e.g., file transfer). Jingle-S5B reuses the protocol flow from XEP-0065 for the communication with a SOCKS5 streamhost; the communication between two clients to negotiate the possible candidates differs from XEP-0065 and shares similarities with Jingle ICE-UDP Transport Method (XEP-0176) 
The basic flow is as follows.
This flow is illustrated in the following examples (to simplify the presentation these use an "example" application instead of a real application type).
It is RECOMMENDED that a client will offer as many <candidate/> elements as possible with itself as the host (i.e., non-proxy candidates). Such candidates might be found using the following methods:
If the client knows it is behind a NAT and the router announces UPnP IGD or NAT-PMP support, the client SHOULD map the open port to the external interface of the router and include the public IP address and port information in the <candidate/> offers. To increase the chance of success without using a proxy, this specification encourages the responder to also send offers, effectively equivalent to the "fast-mode" for SOCKS5 Bytestreams as previously described at <http://delta.affinix.com/specs/stream.html>.
Once the initiator has a set of candidates, it sends a Jingle session-initiate request that contains one or more transport candidates which are a mixture of XEP-0065 streamhosts and ICE candidates used in XEP-0176.
Just as with the <query/> element from XEP-0065, here the <transport/> element contains the candidates. The following rules apply to the defined attributes of the <transport/> element when sent by the initiator in a Jingle session-initate message:
In the following example, Romeo's client has two interfaces, one on port 5086 and the other on port 5087. The provided candidates are the IPv4 address of one interface, the IPv4 address of the second interface, and a proxy address at streamer.shakespeare.lit. Because Romeo's client has included a proxy candidate, it includes its computed value for the DST.ADDR field in the 'dstaddr' attribute (here computed as the SHA-1 hash of "email@example.comfirstname.lastname@example.org/balcony").
The responder immediately acknowledges receipt.
Depending on the application type, a user agent controlled by a human user might need to wait for the user to affirm a desire to proceed with the session before continuing. When the user agent has received such affirmation (or if the user agent can automatically proceed for any reason, e.g. because no human intervention is expected or because a human user has configured the user agent to automatically accept sessions with a given entity), it returns a Jingle session-accept message.
This message MUST contain a <transport/> element qualified by the 'urn:xmpp:jingle:transports:s5b:1' namespace, which SHOULD in turn contain one <candidate/> element for each SOCKS5 Bytestreams candidate generated by or known to the responder, but MAY instead be empty if the responder does not wish to offer any candidates or wishes to send each candidate as the payload of a transport-info message. If the responder sends candidates in the session-accept, the chances of a successful connection are increased. For example, the initiator might be behind a NAT or might have no access to an S5B proxy, whereas the responder might have a public IP address, might know about a proxy, or might have NAT penetration support like NAT-PMP in a router. However, the responder MUST NOT offer as a candidate any host/port combination that has already been offered by the initiator; this helps to prevent failure of negotiation with S5B proxies.
The following rules apply to the defined attributes of the <transport/> element when sent by the responder in a Jingle session-accept message:
In the following example, Juliet's client opens one port. The provided candidates are the (private) IPv4 address of the interface, a (public) IPv6 address, the public IPv4 address created by mapping the private IP address/port using NAT-PMP, and a proxy address. Because Juliet's client has included a proxy candidate, it includes its computed value for the DST.ADDR field in the 'dstaddr' attribute (here computed as the SHA-1 hash of "email@example.comfirstname.lastname@example.org/orchard").
The initiator acknowledges receipt and tries to connect to the offered candidates.
A client SHOULD check the offered candidates in order of their priority, starting with the highest value. How the priority is calculated depends on the actual available interfaces. An implementation SHOULD use the following formula:
The type preference is an integer value between 0 and 127. The following types and their suggested preference values are defined.
|direct||Direct connection using the given interface||126|
|assisted||Direct connection using NAT assisting technologies like NAT-PMP or UPnP-IGD||120|
|tunnel||Tunnel protocols such as Teredo||110|
The local preference is used to rate different candidates of the same type, e.g. a DSL link might be preferred over a VPN connection. The value of the local preference SHOULD be between 0 and 65535. The proposed values are only guidelines. If a client wants to increase or decrease the value of a specific candidate it is free to do so. For instance, a client might have an expensive UMTS link as a last resort and might rate this link lower than all SOCKS5 relays.
After receiving its peer's candidates, a client start to connect to them in order of the priority. A detailed description of the protocol can be found in XEP-0065.
Once one client has successfully created a connection, it sends the <candidate-used/> element to the peer inside a Jingle transport-info message. If a client receives a candidate-used notification it SHOULD continue trying to connect to candidates sent by its peer if it has not tried all candidates with a higher priority than the one successfully used by the peer.
The peer immediately acknowledges receipt.
If a client is unable to connect to any candidate sent by its peer, or if it stopped trying to connect because its peer sent a candidate-used notification with a priority higher than its remaining candidate(s), it sends a candidate-error Jingle transport-info message (this is equivalent to the IQ-error with code='500' from the "fast-mode" extension).
The peer immediately acknowledges receipt.
The transport negotiation is completed in one of the following ways:
The parties shall use the nominated candidate for the data transfer. However, if the nominated candidate is of the "proxy" type, then the peer has no way to know when it can send data. Therefore the party that offered the nominated candidate MUST do two things...
First, it activates the bytestream, as described in XEP-0065:
Second, it sends an activated notification to the peer; it does so by sending a transport-info message containing an <activated/> element:
If the nominated candidate is of the proxy type and either party cannot connect to the proxy (for example because of a restrictive firewall), the failing party shall send a transport-info message containing an <proxy-error/> element.
The parties shall then consider the bytestream unsuccessful and SHOULD attempt to fall back to another transport as described in Fallback Methods.
Once the parties have chosen (and if necessary activated) a streamhost, they can exchange data as defined in XEP-0065.
Once the parties have finished using the bytestream (e.g., because a complete file has been sent), either party can send a Jingle session-terminate action.
The other party then acknowledges the session-terminate and the Jingle session is finished.
If the SOCKS5 Bytestreams negotiation fails, the parties might want to "fall back" to another transport. Currently the transport of last resort for a streaming exchange is In-Band Bytestreams (XEP-0047)  as described for Jingle in Jingle In-Band Bytestreams Transport Method (XEP-0261) , however if other transport methods are defined in the future (e.g. RFC 6544 ) then clients could fall back to those methods instead of IBB. The protocol flow for fallback from S5B to IBB is as follows.
First the initiator sends a Jingle session-initiate, in this case with a transport of SOCKS5 Bytestreams. The protocol flow is exactly the same as described above. If both parties are unable to connect to a candidate provided by the peer, they send candidate-error messages to indicate that SOCKS5 has failed. The initiator MUST either terminate the Jingle session with a Jingle reason of <connectivity-error/> or replace the transport with something else using the transport-replace action. Typically the fallback option is IBB (see, for example, Jingle File Transfer (XEP-0234) ). Therefore the initiator sends a transport-replace action including a transport of IBB.
The responder then acknowledges the transport-replace action.
If the transport replacement is acceptable, the responder then sends a transport-accept action to the initiator (if not, the responder sends a transport-reject action). If the responder wishes to use a smaller block size than the one specified in the transport-replace offer, this can be done by specifying a block-size attribute in the transport-accept action.
The initiator acknowledges the Jingle transport-accept action.
Now the parties can send data using In-Band Bytestreams as defined in XEP-0261 and XEP-0047.
The same processing rules and usage guidelines defined in XEP-0065 apply to the Jingle S5B Transport Method. This document adds the following implementation suggestions in the context of Jingle:
To advertise its support for the Jingle SOCKS5 Bytestreams Transport Method, when replying to Service Discovery (XEP-0030)  information requests an entity MUST return URNs for any version of this protocol that the entity supports -- e.g., "urn:xmpp:jingle:transports:s5b:1" for this version (see Namespace Versioning regarding the possibility of incrementing the version number).
In order for an application to determine whether an entity supports this protocol, where possible it SHOULD use the dynamic, presence-based profile of service discovery defined in Entity Capabilities (XEP-0115) . However, if an application has not received entity capabilities information from an entity, it SHOULD use explicit service discovery instead.
The exchange of candidates might result in exposure of the sender's IP addresses, which comprise a form of personally identifying information. A Jingle client MUST enable a user to control which entities will be allowed to receive such information. If a human user explicitly accepts a session request, then the client can consider that action to imply approval of IP address sharing.
This specification, like XEP-0065 before it, does not directly support end-to-end encryption of the media sent over the transport.
This document requires no interaction with the Internet Assigned Numbers Authority (IANA) .
The XMPP Registrar  includes 'urn:xmpp:jingle:transports:s5b:1' in its registry of protocol namespaces at <https://xmpp.org/registrar/namespaces.html>, as described in Section 4 of XMPP Registrar Function (XEP-0053) .
If the protocol defined in this specification undergoes a revision that is not fully backwards-compatible with an older version, the XMPP Registrar shall increment the protocol version number found at the end of the XML namespaces defined herein, as described in Section 4 of XEP-0053.
Thanks to Steffen Larsen, Florian Schmaus, Kevin Smith, and Remko Tronçon for their feedback.
This document in other formats: XML PDF
This XMPP Extension Protocol is copyright © 1999 – 2020 by the XMPP Standards Foundation (XSF).
Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.
## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. ##
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.
This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which can be found at <https://xmpp.org/about/xsf/ipr-policy> or obtained by writing to XMPP Standards Foundation, P.O. Box 787, Parker, CO 80134 USA).
The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 6120) and XMPP IM (RFC 6121) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.
There exists a special venue for discussion related to the technology described in this document: the <email@example.com> mailing list.
The primary venue for discussion of XMPP Extension Protocols is the <firstname.lastname@example.org> discussion list.
Discussion on other xmpp.org discussion lists might also be appropriate; see <http://xmpp.org/about/discuss.shtml> for a complete list.
Errata can be sent to <email@example.com>.
The following requirements keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".
4. In XEP-0065, the DST.ADDR is always calculated as SHA1(SID + Requester JID + Target JID); in XEP-0260 the Jingle "initiator" is the SOCKS5 Bytestreams "requester" and the Jingle "responder" is the SOCKS5 Bytestreams "target", so for proxy candidates sent from the initiator/requester to the responder/target the DST.ADDR is calculated as SHA1(SID + Initiator JID + Responder JID). Note well that the calcuation for proxy candidates sent from the responder/target to the initiator/requester is SHA1(SID + Responder JID + Initiator JID); this scenario is not covered by XEP-0065 since in that specification only the SOCKS5 Bytestreams "requester" provides candidates.
5. As noted, the calculation for proxy candidates sent from the responder/target to the initiator/requester is SHA1(SID + Responder JID + Initiator JID); this scenario is not covered by XEP-0065 since in that specification only the SOCKS5 Bytestreams "requester" provides candidates.
12. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols, such as port numbers and URI schemes. For further information, see <http://www.iana.org/>.
13. The XMPP Registrar maintains a list of reserved protocol namespaces as well as registries of parameters used in the context of XMPP extension protocols approved by the XMPP Standards Foundation. For further information, see <https://xmpp.org/registrar/>.
Note: Older versions of this specification might be available at http://xmpp.org/extensions/attic/
Replace broken link using archive.org
Fix the schema to mention @sid is required rather than optional.
Fix broken ICE-TCP reference.
Per a vote of the XMPP Council, advanced specification from Experimental to Draft; also added a further note about calculation of the 'dstaddr' attribute.
Further clarified use of the dstaddr attribute, especially when the responder shares a proxy candidate with the initiator.
More clearly described how to activate the bytestream.
Per feedback from the XMPP Council, changed some implementation guidelines from normative to informative and modified the security considerations to remove user interface recommendations and the recommendation to use XTLS (since it is not longer being actively developed).
Added a 'dstaddr' attribute for feature-parity with XEP-0065.
Removed 'zeroconf' attribute for consistency with XEP-0065; clarified use of proxy-error condition; corrected schema.
Added proxy-error action; added a block-size attribute in the transport-accept action when negotiating fallback to another transport, analogous to changes in XEP-0261; editorial review.
Major update to make Jingle S5B inherit more features from ICE and ICE-TCP. Added priorities and candidate identifiers. Renamed streamhost element to candidate element. Updated candidate selection to use priorities, and it is now required for both clients to send a candidate-used or candidate-error notification. Defined type attribute to differentiate between various kinds of candidates. More clearly described how S5B negotiation is completed, including an activated notification from responder to initiator when the candidate used is a proxy. Noted reuse of fast-mode methodology from S5B optimization specification. Because of incompatibilities with the previous version, changed the namespace to urn:xmpp:jingle:transports:s5b:1.
Minor changes to track modifications to XEP-0166; updated security considerations for consistency with other transport methods; added section on service discovery.
Initial published version.
Clarified order of events to be consistent with raw-udp and ice-udp.
Specified that the responder can send <streamhost/> candidates, consistent with the earlier S5B optimization extension; this change required the introduction of streamhost-used and streamhost-error. Also added text to encourage the use of NAT-assisting protocols.