GPL (GNU General Public License)    

Cntlm is an authenticating HTTP proxy intended to help you break free from the chains of the proprietary world we all are held prisoners in. You can run and use a free operating system on your computer and honor our noble idea, but you can't hide! Once you're behind the cold steel bars of the corporate proxy server requiring NTLM authentication, you're lost.

Here comes Cntlm. It takes the address of your proxy (or proxies) and opens a listening socket, forwarding each request to the proxy (moving through a circular list if the active proxy stops working). Along the way, the forwarded connection is created anew and authenticated or, if available, a previously cached connection is reused to achieve higher efficiency and faster responses. When the chain is set up, Cntlm is to be used as the primary proxy. Cntlm also integrates transparent TCP/IP port forwarding (tunneling) through the parent proxy. Each tunnel opens a new listening socket on the specified local port and forwards all connections to the given host:port behind the parent proxy.

Apparently, the authentication part is similar to NTLMAPS and others, but Cntlm removes many of their shortcomings and inefficiencies. It supports real keep-alive (on both sides) and it caches all authenticated connections for reuse in subsequent requests. It can be restarted without a TIME_WAIT delay, and it uses just a fraction of the memory and orders of magnitude less CPU than the others. Each thread is completely independent and one cannot block another.
In addition to lower usage of system resources, Cntlm achieves higher throughput.

By caching connections once they are opened, it acts as an accelerator; instead of a 5-way auth handshake for each connection, it transparently removes this requirement, providing direct access most of the time. For example, NTLMAPS doesn't do authentication at once with the initial request - instead, it first connects, sends a probe and disconnects. Only after that does it connect again and initiate the NTLM handshake. Cntlm also doesn't read the client's complete request, including the HTTP body, into memory; in fact, no traffic is generated except for the exchange of headers until the client/server connection is fully negotiated. Only then are the request and response bodies multiplexed, directly between the client and server sockets. This way, Cntlm avoids most of the TCP/IP overhead of similar proxies. Along with the fact that Cntlm is written in optimized C, it achieves up to twenty times faster responses. The slower the line, the more impact Cntlm has on download speeds.

Memory management audits and profiling are an inherent part of the development process. Each change in the code is audited using Valgrind, which acts as a virtual CPU and checks the behaviour of each instruction of the application being profiled. Using this marvelous tool, you can uncloak any imbalance in malloc/free calls (double frees or leaks), operations with uninitialized memory, access outside of properly allocated memory and oh so much more.

What's New in This Release:

A built-in SOCKS 5 proxy service, official inclusion in Debian, FreeBSD support, an Ubuntu /bin/sh (Dash) compatible init script, a fix for HTTPS/tunneling instability, support for NTLM-free (open) proxies, and major code refactoring.
Last updated on November 6th, 2007