Added native socks support to libc in FreeBSD 7

Raffaele De Lorenzo info at
Mon Dec 10 03:41:14 PST 2007

Julian Elischer wrote:
> Raffaele De Lorenzo wrote:
>> Hi,
>> i added a native (client) Socks V4/V5 support inside FreeBSD libc
>> library. The work is based of my  project (see
>> You can get it here:
> thanks for doing this. now we just need to see if thre is someone who 
> knows socks who can look at it..
> The big question is whether it should be in libc or not. Making 
> everyone who does not use socks pay a cost is a big decision.
> Obviously, for people who use socks, it is good. What is the cost for 
> others?
> .
I understand your doubts...
The socks implementation wraps some syscall socket functions like 
"_connect" and "_bind" trasparently from the applications. When one of 
these is called, the "socks" check starts:

1) Load rules from /etc/csocks.conf (if exist or there are rules..)
2) Check the rules ("check-rules") with the connection data (the check 
have a O(1) cost because the rules are stored in a hash-table). If 
"/etc/csocks.conf" doesn't exist or there are no rules inside it,  the 
entire socks check is skipped and go run native syscall (for example 
"_connect") .
3) If a rule is matched, then starts the socksified's (connection ) 
processes, else  run the  native syscall
Now, if the users never will use the socks features (the configuration 
file is empty), the computation cost is negligible, because the  
"check-rules" are skipped.  If some (or all)  users use the socks 
features, for each syscall wrapped by socks there is a low cost 
identified by the "check-rule" procedure.
I tested this solution in a big  network , up to 60 client rules and i 
didn't see slowdowns for non-socks connections.
When a process calls a socks wrapped syscall for the first time (and 
only the first time!) the entire rules are loaded in memory, and the 
hash array (empty) too:

The hash array empty consumes around 5.6K of memory
The single rule consumes 20 Byte of memory
User Name and Password consume 2K of memory



freebsd-security at mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe at"

More information about the freebsd-net mailing list