From: Raffaele De Lorenzo
To: Julian Elischer
Cc: freebsd-security@freebsd.org, "raffaele.delorenzo", FreeBSD Net
Subject: Re: Added native socks support to libc in FreeBSD 7
Date: Mon, 10 Dec 2007 12:22:45 +0100
Message-ID: <475D2185.3090405@libero.it>
In-Reply-To: <47599AE1.6060805@elischer.org>

Julian Elischer wrote:
> Raffaele De Lorenzo wrote:
>> Hi,
>> I added a native (client) Socks V4/V5 support inside FreeBSD libc
>> library. The work is based on my project (see
>> http://csocks.altervista.org) CSOCKS.
>> You can get it here:
>>
>
> Thanks for doing this. Now we just need to see if there is someone who
> knows socks who can look at it..
>
> The big question is whether it should be in libc or not. Making
> everyone who does not use socks pay a cost is a big decision.
>
> Obviously, for people who use socks, it is good. What is the cost for
> others?
>

Hi,
I understand your doubts...
The socks implementation wraps some syscall socket functions like "_connect" and "_bind" transparently from the applications.
When one of these is called, the "socks" check starts:

1) Load rules from /etc/csocks.conf (if it exists or there are rules..)
2) Check the rules ("check-rules") with the connection data (the check has an O(1) cost because the rules are stored in a hash table). If "/etc/csocks.conf" doesn't exist or there are no rules inside it, the entire socks check is skipped and the native syscall (for example "_connect") runs.
3) If a rule is matched, the socksified connection process starts; otherwise the native syscall runs.

Now, if the users will never use the socks features (the configuration file is empty), the computation cost is negligible, because the "check-rules" step is skipped.
If some (or all) users use the socks features, for each syscall wrapped by socks there is a low cost, identified by the "check-rule" procedure. I tested this solution in a big network, with up to 60 client rules, and I didn't see slowdowns for non-socks connections.

When a process calls a socks-wrapped syscall for the first time (and only the first time!) all the rules are loaded in memory, and the (empty) hash array too:

The empty hash array consumes around 5.6K of memory
A single rule consumes 20 bytes of memory
User name and password consume 2K of memory

Raffaele
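
The rule check described in the message above, sketched as an added example (it is not CSOCKS or FreeBSD libc code): a hash-table lookup that decides between the native call and the SOCKS path, with the empty-table fast path that keeps the cost near zero for hosts that never configure SOCKS. The rule shape (exact IPv4 address and port), `NBUCKETS` and every function name are assumptions; the format of /etc/csocks.conf is not given on the page, so rules are added by call rather than parsed from a file.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/socket.h>

#define NBUCKETS 256                      /* hypothetical table size */
enum route { ROUTE_DIRECT, ROUTE_SOCKS };
/* Hypothetical rule: exact IPv4 destination and port, both in network byte order. */
struct rule { struct in_addr dst; in_port_t port; struct rule *next; };
static struct rule *buckets[NBUCKETS];
static size_t nrules;                     /* 0 = config file missing or empty */

static unsigned hash_dst(struct in_addr a, in_port_t p)
{
    uint32_t h = a.s_addr ^ ((uint32_t)p * 2654435761u);
    return (h ^ (h >> 16)) % NBUCKETS;
}

/* Add one rule; returns 0 on success, -1 on a bad address or failed allocation. */
int rule_add(const char *ip, uint16_t port)
{
    struct rule *r = calloc(1, sizeof *r);
    if (r == NULL || inet_pton(AF_INET, ip, &r->dst) != 1) { free(r); return -1; }
    r->port = htons(port);
    unsigned b = hash_dst(r->dst, r->port);
    r->next = buckets[b]; buckets[b] = r; /* push onto the bucket chain */
    nrules++;
    return 0;
}

/* Decision taken before the native connect(): go direct or via the SOCKS server. */
enum route route_for(const struct sockaddr_in *sin)
{
    if (nrules == 0 || sin == NULL || sin->sin_family != AF_INET)
        return ROUTE_DIRECT;              /* fast path: no rules means no lookup */
    const struct rule *r = buckets[hash_dst(sin->sin_addr, sin->sin_port)];
    for (; r != NULL; r = r->next)        /* walk a single bucket chain */
        if (r->dst.s_addr == sin->sin_addr.s_addr && r->port == sin->sin_port)
            return ROUTE_SOCKS;
    return ROUTE_DIRECT;
}

/* Same decision for a dotted-quad string; unparsable input is treated as direct. */
enum route route_for_ipv4(const char *ip, uint16_t port)
{
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(port) };
    return inet_pton(AF_INET, ip, &sin.sin_addr) == 1 ? route_for(&sin) : ROUTE_DIRECT;
}
```

Because the table decides where every outbound connection of every process goes, whatever file feeds `rule_add` deserves the same ownership and permission checks as any other system-wide network configuration.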