Date:      Thu, 13 Dec 2007 09:54:47 -0700
From:      John E Hein <jhein@timing.com>
To:        Raffaele De Lorenzo <raffaele.delorenzo@libero.it>
Cc:        net@freebsd.org, Julian Elischer <julian@elischer.org>, security@freebsd.org
Subject:   Re: Added native socks support to libc in FreeBSD 7
Message-ID:  <18273.25559.26231.178154@gromit.timing.com>
In-Reply-To: <475D417D.5020303@libero.it>
References:  <4759022A.4020105@libero.it> <47599AE1.6060805@elischer.org> <475D2185.3090405@libero.it> <868x4291ap.fsf@ds4.des.no> <475D417D.5020303@libero.it>

Raffaele De Lorenzo wrote at 14:39 +0100 on Dec 10, 2007:
 > You can see in the port-tree my project  "csocks"  and  
 > http://csocks.altervista.org.

Thanks for letting us know about your project.  Here are
just a few comments.

Why don't you provide the source code in the port?

For an open source, security sensitive project such as this, I think
that's important for users to gain confidence in it.


As far as putting the code in the base FreeBSD, that's a pretty large
hurdle.  The FreeBSD maintainers tend to put something in base only
after a significant part of the user base uses it, and it has become
the [or a] de facto preferred implementation of some industry
standard.

SOCKS is a standard, but the csocks implementation is not (yet).
Continue to adhere to RFCs and grow your user base, and perhaps
inclusion in FreeBSD's base system will happen organically.

For things to go into the base system ...

 1) The software (and its developers) need a proven track record
    (which you can gain by getting a large user base in ports).
    Personally, I hadn't heard about your SOCKS implementation until
    this week.

 2) A significant number of FreeBSD users can't do without it.  Now,
    this is quite subjective.  In some sense, people can't do without
    a web browser in this day and age, but there's no browser in the
    FreeBSD base system.  Of course, comparing firefox to csocks is
    not fair.  Maybe grep is a better comparison.  Web browsers are
    monstrous.

 3) There is a significant benefit to having it tightly integrated
    with the base system (as opposed to a more loose integration in
    the ports tree).  Wireless LAN is perhaps a good example here (and
    for #2 for that matter).  Not everyone needs it, but when you do
    it is good to have it in the base system where it is given
    system level architecture love and care.

 4) You need someone with commit privs to shepherd this thing along
    _and_ agreement from lots of other people (including FreeBSD's
    core).  Hint: the freebsd-arch list is often a good place to
    discuss additions to the FreeBSD base.

 5) Lots of other criteria (both implied and explicitly documented)
    that I'll not go into further (everyone together: "Hear, Hear").

Note that the larger the base system becomes, the harder it is to
maintain it well as a core, well integrated body of work.  And once it
is in the base, more people are now automatically signed on to
maintain it (indirectly)... not just you anymore.  When someone makes
a change to the base tcp implementation, for instance, they have to
make sure it also doesn't break the shiny new socks code now in the
base system as well.  This probably won't be a significant burden in
this particular case, but it's something that people have to consider.


As far as your specific patch to add socks support to libc ...

Why not just make a patch that puts it in src/lib/libsocks?  And a
binary in src/usr.bin/csocks (that does the LD_PRELOAD dance to
preload libsocks)?  Why does it have to be in libc?

I don't speak for the FreeBSD project, but that's a few of my thoughts
after looking at your implementation... which I did since it tickled
my curiosity.  Keep up the good work.
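
The wrapper-binary idea from the message ("the LD_PRELOAD dance"), sketched as an added example that is not part of the original e-mail or of csocks. The library path `/usr/lib/libsocks.so` and the helper names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define LIBSOCKS_PATH "/usr/lib/libsocks.so" /* hypothetical install path */

/* Return 1 if lib is already an entry in a colon/whitespace separated list. */
static int already_listed(const char *list, const char *lib)
{
    size_t want = strlen(lib);
    while (*list != '\0') {
        list += strspn(list, ": \t");
        size_t len = strcspn(list, ": \t");
        if (len == want && len > 0 && strncmp(list, lib, len) == 0)
            return 1;
        list += len;
    }
    return 0;
}

/* Put lib first, keep the caller's entries; -1 if the result does not fit. */
int build_preload(const char *existing, const char *lib, char *out, size_t outlen)
{
    int n;
    if (existing == NULL || *existing == '\0')
        n = snprintf(out, outlen, "%s", lib);
    else if (already_listed(existing, lib))
        n = snprintf(out, outlen, "%s", existing);
    else
        n = snprintf(out, outlen, "%s:%s", lib, existing);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(int argc, char **argv)
{
    char value[4096];
    if (argc < 2) {
        fprintf(stderr, "usage: %s command [args ...]\n", argv[0]);
        return 2;
    }
    if (build_preload(getenv("LD_PRELOAD"), LIBSOCKS_PATH, value, sizeof value) != 0
        || setenv("LD_PRELOAD", value, 1) != 0) {
        fprintf(stderr, "%s: cannot set LD_PRELOAD\n", argv[0]);
        return 1;
    }
    execvp(argv[1], argv + 1); /* returns only on failure */
    perror(argv[1]);
    return 127;
}
```

The run-time linker ignores LD_PRELOAD for set-user-ID and set-group-ID programs, and statically linked programs never load it, so a wrapper like this does not cover every binary on the system.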


