drankin at bohemians.lexington.ky.us
Fri Feb 4 02:47:57 EST 2000
On Thu, Feb 03, 2000 at 08:39:25PM +1100, Damien Miller wrote:
> Just a warning and a call to action:
> Theo de Raadt has convinced me to remove SOCKS support from our port
> of OpenSSH.
I strongly disagree with this position WRT SOCKS and Dante support.
There are some distinct advantages gained for keeping socks support
in the code base.
> His argument is that it can be easily and generically implemented as
> a ProxyCommand. This fits with my desire to keep our divergences from
> the OpenBSD codebase to a minimum.
Dante allows sockification of incoming connections from the SOCKS
server to the sshd. There's no easy way to accomplish this using a
> This looks like a few hours work (for someone more familiar the SOCKS
> API that I). It is basically a program which connects to a commandline
> specified host and passes data to/from the remote host to/from stdio.
> "man ssh" for the details on ProxyCommands.
This program is actually trivial to write. Take any port redirector
and hack on it. My problem is that you've changed
* one extra library call per socket action
* put data in pipe/socket queue
* force schedule switch to "pipe" program
* pull data across system/user barrier (pipe read)
* push data back across system/user barrier (write to socket)
Reads also add the same overhead.
Basically, you've traded one extra library call for a program that has
to sit there and jump into the kernel an extra two times per read/write.
On these modern machines, that's a trivial add, but on the older junk
I can afford (and I know others love), it adds up.
Considering that Socks and Dante both are a less than 40 lines diff
to one file, I don't think it'd be a big maintenance impact. IMHO,
keeping the library support compiled in is a LOT more elegant than
a bolt-on program.
David W. Rankin, Jr. Husband, Father, and UNIX Sysadmin.
Email: drankin at bohemians.lexington.ky.us Address/Phone Number: Ask me.
"It's too bad she won't live! But then again, who does?" -- Gaff, BR
More information about the openssh-unix-dev