Added native socks support to libc in FreeBSD 7
Raffaele De Lorenzo
info at plot.uz
Mon Dec 10 03:41:14 PST 2007
Julian Elischer wrote:
> Raffaele De Lorenzo wrote:
>> I added native (client) Socks V4/V5 support inside the FreeBSD libc
>> library. The work is based on my project (see
>> http://csocks.altervista.org) CSOCKS.
>> You can get it here:
> Thanks for doing this. Now we just need to see if there is someone who
> knows socks who can look at it..
> The big question is whether it should be in libc or not. Making
> everyone who does not use socks pay a cost is a big decision.
> Obviously, for people who use socks, it is good. What is the cost for
I understand your doubts...
The socks implementation wraps some syscall socket functions like
"_connect" and "_bind" transparently to the applications. When one of
these is called, the "socks" check starts:
1) Load rules from /etc/csocks.conf (if it exists or there are rules..)
2) Check the rules ("check-rules") with the connection data (the check
has an O(1) cost because the rules are stored in a hash-table). If
"/etc/csocks.conf" doesn't exist or there are no rules inside it, the
entire socks check is skipped and the native syscall runs (for example
3) If a rule is matched, then the socksified (connection)
process starts, else the native syscall runs
Now, if the users will never use the socks features (the configuration
file is empty), the computation cost is negligible, because the
"check-rules" are skipped. If some (or all) users use the socks
features, for each syscall wrapped by socks there is a low cost
identified by the "check-rule" procedure.
I tested this solution in a big network, up to 60 client rules, and I
didn't see slowdowns for non-socks connections.
When a process calls a socks wrapped syscall for the first time (and
only the first time!) all the rules are loaded in memory, and the
hash array (empty) too:
The empty hash array consumes around 5.6K of memory
A single rule consumes 20 bytes of memory
User Name and Password consume 2K of memory
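
The check flow described in the message above (one-time rule load, hash-table lookup, fall through to the native call when nothing matches), as an added C example that is not CSOCKS code and not part of the original post. The rule fields (exact IPv4 address and port), the table size, the hash and every function name are assumptions; parsing of /etc/csocks.conf is left out because the message does not show its format.

```c
#include <stdint.h>
#include <string.h>

#define NBUCKETS 64                      /* assumed table size */
enum route { ROUTE_NATIVE, ROUTE_SOCKS };
struct rule {                            /* hypothetical rule: exact IPv4 address + port */
    uint32_t addr;
    uint16_t port;
    struct rule *next;                   /* chain for bucket collisions */
};
static struct rule *table[NBUCKETS], *cfg;   /* cfg stands in for the parsed config file */
static size_t cfg_n, nrules;
static int loaded, load_count;

static unsigned bucket(uint32_t a, uint16_t p) { return ((a * 2654435761u) ^ p) % NBUCKETS; }

/* Install a rule set and forget cached state, as a freshly started process would. */
void set_config(struct rule *rules, size_t n)
{
    cfg = rules; cfg_n = n; loaded = 0; nrules = 0;
    memset(table, 0, sizeof table);
}

/* Called by the wrapped connect()/bind(): decide which path the call takes. */
enum route check_rules(uint32_t addr, uint16_t port)
{
    if (!loaded) {                       /* first wrapped call only */
        loaded = 1; load_count++;
        for (size_t i = 0; i < cfg_n; i++, nrules++) {
            unsigned b = bucket(cfg[i].addr, cfg[i].port);
            cfg[i].next = table[b];
            table[b] = &cfg[i];
        }
    }
    if (nrules == 0)                     /* empty or missing config: skip the lookup */
        return ROUTE_NATIVE;
    for (struct rule *r = table[bucket(addr, port)]; r; r = r->next)
        if (r->addr == addr && r->port == port)
            return ROUTE_SOCKS;          /* matched: take the socksified path */
    return ROUTE_NATIVE;                 /* no match: run the native syscall */
}

/* Constructed sample rules: 192.0.2.1:80 and 198.51.100.7:443. */
struct rule sample[] = { { 0xC0000201u, 80, NULL }, { 0xC6336407u, 443, NULL } };

int main(void)
{
    set_config(sample, 2);
    return check_rules(0xC0000201u, 80) == ROUTE_SOCKS ? 0 : 1;
}
```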