Re: Added native socks support to libc in FreeBSD 7

看板FB_security作者時間18年前 (2007/12/10 19:24), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/5 (看更多)
Julian Elischer wrote: > Raffaele De Lorenzo wrote: >> Hi, >> i added a native (client) Socks V4/V5 support inside FreeBSD libc >> library. The work is based of my project (see >> http://csocks.altervista.org) CSOCKS. >> You can get it here: >> >> > > thanks for doing this. now we just need to see if thre is someone who > knows socks who can look at it.. > > The big question is whether it should be in libc or not. Making > everyone who does not use socks pay a cost is a big decision. > > Obviously, for people who use socks, it is good. What is the cost for > others? > > > > > > . > Hi, I understand your doubts... The socks implementation wraps some syscall socket functions like "_connect" and "_bind" trasparently from the applications. When one of these is called, the "socks" check starts: 1) Load rules from /etc/csocks.conf (if exist or there are rules..) 2) Check the rules ("check-rules") with the connection data (the check have a O(1) cost because the rules are stored in a hash-table). If "/etc/csocks.conf" doesn't exist or there are no rules inside it, the entire socks check is skipped and go run native syscall (for example "_connect") . 3) If a rule is matched, then starts the socksified's (connection ) processes, else run the native syscall Now, if the users never will use the socks features (the configuration file is empty), the computation cost is negligible, because the "check-rules" are skipped. If some (or all) users use the socks features, for each syscall wrapped by socks there is a low cost identified by the "check-rule" procedure. I tested this solution in a big network , up to 60 client rules and i didn't see slowdowns for non-socks connections. When a process calls a socks wrapped syscall for the first time (and only the first time!) the entire rules are loaded in memory, and the hash array (empty) too: The hash array empty consumes around 5.6K of memory The single rule consumes 20 Byte of memory User Name and Password consume 2K of memory Raffaele _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 raffaele. 的文章
文章代碼(AID): #17NI8000 (FB_security)
更多 raffaele. 的文章
文章代碼(AID): #17NI8000 (FB_security)