SOCKS support

David Rankin drankin at bohemians.lexington.ky.us
Fri Feb 4 02:47:57 EST 2000


On Thu, Feb 03, 2000 at 08:39:25PM +1100, Damien Miller wrote:

> Just a warning and a call to action:

> Theo de Raadt has convinced me to remove SOCKS support from our port
> of OpenSSH.

I strongly disagree with this position WRT SOCKS and Dante support.
There are some distinct advantages gained for keeping SOCKS support
in the code base.

> His argument is that it can be easily and generically implemented as
> a ProxyCommand. This fits with my desire to keep our divergences from
> the OpenBSD codebase to a minimum.

Dante allows sockification of incoming connections from the SOCKS
server to the sshd. There's no easy way to accomplish this using a
ProxyCommand-like program.

> This looks like a few hours' work (for someone more familiar with the
> SOCKS API than I). It is basically a program which connects to a
> commandline-specified host and passes data to/from the remote host
> to/from stdio. "man ssh" for the details on ProxyCommands.

This program is actually trivial to write. Take any port redirector
and hack on it. My problem is that you've changed
* one extra library call per socket action
to
* put data in pipe/socket queue
* force schedule switch to "pipe" program
* pull data across system/user barrier (pipe read)
* push data back across system/user barrier (write to socket)

Reads also add the same overhead.

Basically, you've traded one extra library call for a program that has
to sit there and jump into the kernel an extra two times per read/write.
On these modern machines, that's a trivial add, but on the older junk
I can afford (and I know others love), it adds up.

Considering that SOCKS and Dante both are a less than 40-line diff
to one file, I don't think it'd be a big maintenance impact. IMHO,
keeping the library support compiled in is a LOT more elegant than
a bolt-on program.

Thanks,
David

-- 
David W. Rankin, Jr.     Husband, Father, and UNIX Sysadmin.
   Email: drankin at bohemians.lexington.ky.us   Address/Phone Number: Ask me.
"It's too bad she won't live! But then again, who does?" -- Gaff, BR
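The program the thread is arguing about, a ProxyCommand relay that connects to a host named on its command line and shuttles bytes between that connection and its own stdin/stdout, is small enough to show in full. The relay below is an added illustration written for this page; it is not OpenSSH code and not anything from this thread. To keep it runnable offline it assumes a plain TCP connection rather than a SOCKS or Dante handshake (a real SOCKS helper would negotiate with the proxy on the socket before calling pump()), and the demo() banners and the name relay.py are constructed for the example. The pump() loop also makes the cost David describes concrete: every chunk in each direction is one read(2) and one write(2), i.e. two kernel crossings that an in-process library call would not pay.

```python
#!/usr/bin/env python3
"""Minimal ProxyCommand-style relay (added example; not OpenSSH code).

ssh would run it as   ProxyCommand /path/to/relay.py %h %p
and speak SSH over our stdin/stdout; we forward every byte to a TCP
connection.  Assumption for this example: plain TCP, no SOCKS handshake.
"""
import os
import select
import socket
import sys
import threading

CHUNK = 65536


def pump(a_in, a_out, b_in, b_out):
    """Copy a_in -> b_out and b_in -> a_out on raw file descriptors.

    Each chunk costs one read(2) (kernel -> user) and one write(2)
    (user -> kernel): the two extra crossings per direction that the
    thread weighs against a single in-process library call.
    Returns (bytes a->b, bytes b->a).  When an input hits EOF its paired
    output is closed so the peer sees the end of stream; a socket fd that
    serves as both input and output is then retired from the read set too.
    """
    route = {a_in: b_out, b_in: a_out}
    moved = {a_in: 0, b_in: 0}
    live = set(route)
    closed = set()

    def close(fd):
        if fd not in closed:
            closed.add(fd)
            os.close(fd)

    while live:
        ready, _, _ = select.select(sorted(live), [], [])
        for fd in ready:
            if fd not in live:          # retired by an earlier EOF this round
                continue
            data = os.read(fd, CHUNK)   # crossing 1: kernel -> user
            if not data:                # EOF on this direction
                live.discard(fd)
                out = route[fd]
                live.discard(out)       # no-op unless out is also an input
                close(out)
                continue
            moved[fd] += len(data)
            view = memoryview(data)
            while view:                 # crossing 2: user -> kernel (loop on short writes)
                view = view[os.write(route[fd], view):]
    for fd in set(route) | set(route.values()):
        close(fd)
    return moved[a_in], moved[b_in]


def demo():
    """Exercise pump() offline with two socketpairs standing in for ssh and sshd."""
    ssh_side, proxy_a = socket.socketpair()     # ssh <-> relay stdio
    proxy_b, sshd_side = socket.socketpair()    # relay <-> remote sshd
    fa, fb = proxy_a.detach(), proxy_b.detach() # pump() owns these fds now
    result = {}
    t = threading.Thread(target=lambda: result.update(moved=pump(fa, fa, fb, fb)))
    t.start()
    ssh_side.sendall(b"SSH-2.0-OpenSSH_client\r\n")   # constructed banner
    got_at_sshd = sshd_side.recv(CHUNK)
    sshd_side.sendall(b"SSH-2.0-OpenSSH_server\r\n")  # constructed banner
    got_at_ssh = ssh_side.recv(CHUNK)
    ssh_side.close()            # ssh exits: the relay must close the far side too
    t.join(5)
    eof_at_sshd = sshd_side.recv(CHUNK)   # b"" once the relay closed its socket
    sshd_side.close()
    return got_at_sshd, got_at_ssh, eof_at_sshd, result.get("moved")


def main(argv):
    if len(argv) != 3:
        sys.stderr.write("usage: relay.py host port\n")
        return 2
    sock = socket.create_connection((argv[1], int(argv[2])))
    fd = sock.detach()
    try:
        pump(sys.stdin.fileno(), sys.stdout.fileno(), fd, fd)
    except OSError as exc:      # peer reset, broken pipe, etc.
        sys.stderr.write("relay: %s\n" % exc)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

demo() is the offline check: it pushes one banner each way through pump() and confirms that closing the ssh side makes the relay close the sshd side, which is the behaviour ssh relies on to tear the session down. Anything this relay adds, including a SOCKS negotiation, would sit between create_connection() and pump().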





More information about the openssh-unix-dev mailing list