.\" Generated by scdoc 1.11.3
.\" Complete documentation for this program is not available as a GNU info page
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.nh
.ad l
.\" Begin generated content:
.TH "SYD-TOR" "1" "2025-02-14"
.PP
.SH NAME
.PP
syd-tor - SOCKS Proxy Forwarder
.PP
.SH SYNOPSIS
.PP
\fBsyd-tor\fR \fI[-dh]\fR \fI[-b ]\fR \fI-p \fR \fI-i \fR \fI[-o addr:port]\fR
.PP
.SH DESCRIPTION
.PP
Receives a listening socket from a file descriptor and forwards the connections accepted on it to addr:port.\&
.PP
The external address must be an IPv4 or IPv6 address; it defaults to the local \fBTOR\fR SOCKS port, 127.\&0.\&0.\&1:9050.\&
.PP
The PID file descriptor is used to track the exit of the Syd process, so that \fIsyd-tor\fR(1) exits together with it.\&
.PP
.SH OPTIONS
.PP
.TS
l lx
l lx
l lx
l lx
l lx
l lx.
T{
\fB-h\fR
T}	T{
Display help.\&
T}
T{
\fB-d\fR
T}	T{
Run in debug mode without confinement (no seccomp or Landlock restrictions are applied).\&
T}
T{
\fB-b\fR \fBbufsiz\fR
T}	T{
Set the pipe buffer size in bytes.\&
Defaults to the value in /proc/sys/fs/pipe-max-size.\&
T}
T{
\fB-p\fR \fBpid-fd\fR
T}	T{
PID file descriptor of the Syd process.\&
T}
T{
\fB-i\fR \fBsocket-fd\fR
T}	T{
UNIX socket file descriptor to receive the listening socket from.\&
T}
T{
\fB-o\fR \fBaddr:port\fR
T}	T{
External address to forward traffic to.\&
Defaults to 127.\&0.\&0.\&1:9050.\&
T}
.TE
.sp 1
.SH USAGE
.PP
\fIsyd-tor\fR(1) is not meant to be used as a standalone tool.\&
Syd invokes \fIsyd-tor\fR(1) at startup when Proxy sandboxing is turned on with "sandbox/proxy:on".\&
See the PROXY SANDBOXING section in the \fIsyd\fR(7) manual page for more information.\&
.PP
If you want to use \fIsyd-tor\fR(1) in your own project, first pass it a \fInon-blocking\fR PID file descriptor of your own process with the "-p " argument, so that \fIsyd-tor\fR(1) exits together with your process.\&
Take care at this stage: PID file descriptors are "O_CLOEXEC" by default, so clear the close-on-exec flag (or duplicate the descriptor without it) before executing \fIsyd-tor\fR(1), or the descriptor will not survive the \fIexecve\fR(2).\&
Next, create a UNIX socket-pair, enter a network namespace, bring up the loopback device, \fIbind\fR(2) and \fIlisten\fR(2) a socket on a port there, and then send this socket file descriptor through one end of the socket-pair with \fIsendmsg\fR(2)
"SCM_RIGHTS" option.\&
Finally pass the other end of the socket-pair to \fIsyd-tor\fR(1) with the "-i " argument; this descriptor must likewise remain open across \fIexecve\fR(2).\&
.PP
.SH IMPLEMENTATION
.PP
\fIsyd-tor\fR(1) is designed with performance, security and privacy in mind.\&
It uses edge-triggered \fIepoll\fR(7) for event notification and fully asynchronous I/O to handle many connections without blocking.\&
Data is moved with the zero-copy \fIsplice\fR(2) system call directly between file descriptors inside the kernel, so forwarded bytes never pass through the process's user-space memory; this gives both the throughput and the privacy property.\&
To forward in both directions, \fIsyd-tor\fR(1) allocates two pipes per connection, one for each direction between the client and the external address.\&
Additionally, \fIsyd-tor\fR(1) confines its own execution environment with seccomp and Landlock, restricting system calls and file accesses to minimize the attack surface.\&
Compared to socksns, which uses the Tokio runtime for asynchronous I/O, \fIsyd-tor\fR(1) emphasizes kernel-level efficiency and security.\&
.PP
.SH SECURITY
.PP
\fIsyd-tor\fR(1) runs outside the Syd sandbox, so it implements its own security measures to mitigate the risks of that position and to prevent potential Man-in-the-Middle (MITM) attacks against the sandboxed containers.\&
The seccomp filter allows only the necessary system calls, and the socket-address argument of \fIconnect\fR(2) is restricted to a single memory address to prevent unauthorized network connections.\&
Note that seccomp can only compare the pointer argument, not the contents of the socket address it points to.\&
This restriction is strict on 64-bit architectures, but has limitations on 32-bit ones, where the \fIsocketcall\fR(2) multiplexer passes the real arguments in user memory that seccomp cannot inspect; additional protective measures are therefore in place there.\&
Moreover, executable memory is disallowed to prevent code injection, and reading the timestamp counter is prevented on x86 to make timing attacks harder to realize.\&
Landlock and namespaces, if available, enforce further restrictions by disallowing all
filesystem access, providing an additional layer of security.\&
These combined techniques ensure that even if \fIsyd-tor\fR(1) is compromised, the scope of malicious actions is significantly limited.\&
.PP
.SH ENVIRONMENT
.PP
.TS
l lx
l lx.
T{
\fBSYD_TOR_DEBUG\fR
T}	T{
Run in debug mode without confinement, equivalent to the "-d" option.\&
T}
T{
\fBSYD_TOR_RULES\fR
T}	T{
Print the seccomp rules in human-readable format to standard error at startup.\&
T}
.TE
.sp 1
.SH BUGS
.PP
\fIsyd-tor\fR(1) runs as a single process and can hit the per-process file descriptor (FD) limit because of the number of FDs it opens per connection.\&
Each client connection uses six FDs: one for the client socket, one for the external socket, and four for the two pipes used for bidirectional transfer (each pipe has a read end and a write end).\&
To mitigate this, \fIsyd-tor\fR(1) raises the soft limit on open files ("RLIMIT_NOFILE") to the hard limit at startup.\&
In some cases this is still not sufficient, and the hard limit may need to be raised manually.\&
.PP
.SH SEE ALSO
.PP
\fIsyd\fR(1), \fIsyd\fR(2), \fIsyd\fR(7)
.PP
\fBsyd\fR homepage: https://sydbox.\&exherbolinux.\&org/
.PP
.SH AUTHORS
.PP
Maintained by Ali Polatel.\&
Up-to-date sources can be found at https://gitlab.\&exherbo.\&org/sydbox/sydbox.\&git and bugs/patches can be submitted to https://gitlab.\&exherbo.\&org/groups/sydbox/-/issues.\&
Discuss in #sydbox on Libera Chat.\&
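.SH EXAMPLE
.PP
The following C program is an added example and is not part of syd or \fIsyd-tor\fR(1); it walks through the hand-off the USAGE section describes: a non-blocking PID file descriptor with close-on-exec cleared for "-p", a UNIX socket-pair whose other end goes to "-i", a network namespace with its loopback device up, and the listening socket sent with \fIsendmsg\fR(2) and "SCM_RIGHTS".\&
The receiving function stands in for what \fIsyd-tor\fR(1) does on its side and is included only so the hand-off can be exercised in one process; all function and variable names are this example's own.\&
In this example the caller would fork and execute \fIsyd-tor\fR(1) before calling the namespace function, so that \fIsyd-tor\fR(1) stays in the namespace where addr:port is reachable; the namespace step itself needs CAP_NET_ADMIN and is left out of the unprivileged round-trip function.\&

```c
/* Added example (not syd-tor's own code): the fd hand-off the USAGE section
 * describes. Start syd-tor (fork + exec, with -p and -i) before calling
 * enter_netns_with_loopback() so it stays in the namespace where addr:port lives. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <fcntl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <sched.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* -p: pidfd of `pid`, non-blocking, FD_CLOEXEC cleared so it survives execve(). */
int open_pidfd_for_handoff(pid_t pid) {
    int fd = (int)syscall(SYS_pidfd_open, pid, 0);
    if (fd >= 0 && (fcntl(fd, F_SETFL, O_NONBLOCK) < 0 || fcntl(fd, F_SETFD, 0) < 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Unshare into a fresh network namespace and bring its "lo" up (needs CAP_NET_ADMIN). */
int enter_netns_with_loopback(void) {
    if (unshare(CLONE_NEWNET) < 0) return -1;
    int s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    struct ifreq ifr = { .ifr_name = "lo" };
    int rc = s < 0 ? -1 : ioctl(s, SIOCGIFFLAGS, &ifr);
    if (rc == 0) {
        ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
        rc = ioctl(s, SIOCSIFFLAGS, &ifr);
    }
    if (s >= 0) close(s);
    return rc;
}

/* TCP socket bound and listening on 127.0.0.1:port (0 = kernel picks a port).
 * SOCK_CLOEXEC is fine: it reaches syd-tor through SCM_RIGHTS, not through exec. */
int listen_loopback(uint16_t port) {
    int s = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (s >= 0 && (bind(s, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(s, 128) < 0)) {
        close(s);
        return -1;
    }
    return s;
}

/* Control-message buffer sized for exactly one descriptor. */
typedef union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } fd_cmsg;

/* Send `fd` over the UNIX socket `sock` as SCM_RIGHTS ancillary data. */
int send_fd(int sock, int fd) {
    char byte = 0;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    fd_cmsg u = { 0 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = &u, .msg_controllen = sizeof u };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    *c = (struct cmsghdr){ .cmsg_len = CMSG_LEN(sizeof(int)), .cmsg_level = SOL_SOCKET, .cmsg_type = SCM_RIGHTS };
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receiving side (the role of syd-tor's -i): refuse truncated or non-SCM_RIGHTS control data. */
int recv_fd(int sock) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    fd_cmsg u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = &u, .msg_controllen = sizeof u };
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Round trip in the current namespace: the port the received socket is bound to, or -1. */
int handoff_roundtrip_port(void) {
    int sv[2], got = -1, port = -1;
    struct sockaddr_in a = { 0 }, b = { 0 };
    socklen_t al = sizeof a, bl = sizeof b;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    int lsock = listen_loopback(0);
    if (lsock >= 0 && send_fd(sv[0], lsock) == 0) got = recv_fd(sv[1]);
    if (got >= 0 && getsockname(lsock, (struct sockaddr *)&a, &al) == 0 &&
        getsockname(got, (struct sockaddr *)&b, &bl) == 0 && a.sin_port == b.sin_port)
        port = ntohs(b.sin_port);
    if (got >= 0) close(got);
    if (lsock >= 0) close(lsock);
    close(sv[0]);
    close(sv[1]);
    return port;
}
```

handoff_roundtrip_port() runs unprivileged because it never leaves the caller's namespace, whereas enter_netns_with_loopback() fails with EPERM without CAP_NET_ADMIN; the socket-pair ends are created without SOCK_CLOEXEC on purpose, since the one passed with "-i" has to be inherited by \fIsyd-tor\fR(1) across \fIexecve\fR(2), while the listening socket itself may be close-on-exec because it travels as ancillary data.\&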