Socks support

David Rankin drankin at bohemians.lexington.ky.us
Thu May 11 07:12:36 EST 2000


On Wed, May 10, 2000 at 09:49:56PM +0200, Markus Friedl wrote:
> On Wed, May 10, 2000 at 10:29:15PM +0300, Madsen Wikholm wrote:
> > So my problem is that the Dante support code was removed and supposed to be
> > replaced with a ProxyCommand. My question is now: "Where's the beef?".

> someone has to write a suitable dante/socks-proxy
> that can be used via ProxyCommand.

> do you want to give it a try?

M'lord, for the record, the defense wishes to renew its objections on this
issue.

(Sorry, been reading too much Rumpole of the Bailey of late.)

While I am just as much a fan of "doing things the right way", for Socks
client code, I still don't believe that this is the right way. To avoid
10-15 #defines and one extra -l statement for ld, ProxyCommand introduces an
extra process (and associated scheduling latency and swapping for low-memory
systems), and a minimum of two extra kernel boundary crossings per SSH packet
(and associated kernel I/O overhead). Yes, for "modern" high-memory 
systems with cycles to spare this isn't that big of a deal, but for the
systems that are already overloaded (through age, lack of memory, or
through heavy utilization), this kind of extra overhead can be at the
very least non-trivial, and at its worst make openssh seriously impact
the system.

That said, I don't have copies of my original patches to add Dante 
support to OpenSSH close at hand, but they are trivial to reimplement.
If someone should feel the urge to do so but would like to see them, I'll
try to find the last set of patches I had on the matter.

Thanks,
David

-- 
David W. Rankin, Jr.     Husband, Father, and UNIX Sysadmin. 
   Email: drankin at bohemians.lexington.ky.us   Address/Phone Number: Ask me.
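
An added example, not part of the original message and not OpenSSH or Dante code: a minimal SOCKS5 helper of the kind the thread says would have to be written for use via ProxyCommand. The program name `socks5-connect`, its argument order and the choice of the no-authentication method are assumptions; the relay loop at the end is the extra process whose per-chunk system calls the message counts as overhead.

```c
#include <netdb.h>
#include <poll.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build a SOCKS5 (RFC 1928) CONNECT request with a domain-name address.
 * Returns the request length, or 0 if host or port is out of range. */
size_t socks5_request(unsigned char *out, const char *host, long port) {
    size_t n = strlen(host);
    if (n == 0 || n > 255 || port < 1 || port > 65535) return 0;
    out[0] = 5; out[1] = 1; out[2] = 0; out[3] = 3; out[4] = (unsigned char)n;
    memcpy(out + 5, host, n);
    out[5 + n] = (unsigned char)(port >> 8); out[6 + n] = (unsigned char)(port & 0xff);
    return n + 7;
}

/* Total reply length from its first 5 bytes; 0 means refused or malformed. */
size_t socks5_reply_len(const unsigned char *r) {
    if (r[0] != 5 || r[1] != 0) return 0;
    return r[3] == 1 ? 10 : r[3] == 4 ? 22 : r[3] == 3 ? 7u + r[4] : 0;
}

static int read_full(int fd, unsigned char *b, size_t n) { /* exactly n bytes */
    for (ssize_t k; n; b += k, n -= (size_t)k)
        if ((k = read(fd, b, n)) <= 0) return -1;
    return 0;
}
/* Hypothetical usage: ProxyCommand socks5-connect proxyhost 1080 %h %p */
int main(int argc, char **argv) {
    struct addrinfo hint = {.ai_socktype = SOCK_STREAM}, *ai;
    unsigned char b[8192]; size_t n;
    if (argc != 5 || getaddrinfo(argv[1], argv[2], &hint, &ai)) return 2;
    int s = socket(ai->ai_family, ai->ai_socktype, 0);
    if (s < 0 || connect(s, ai->ai_addr, ai->ai_addrlen)) return 1;
    /* Greeting: version 5, one method offered, method 0 (no authentication). */
    if (write(s, "\5\1\0", 3) != 3 || read_full(s, b, 2) || b[0] != 5 || b[1]) return 1;
    n = socks5_request(b, argv[3], atol(argv[4]));
    if (!n || write(s, b, n) != (ssize_t)n || read_full(s, b, 5)) return 1;
    if (!(n = socks5_reply_len(b)) || read_full(s, b + 5, n - 5)) return 1;
    struct pollfd p[2] = {{0, POLLIN, 0}, {s, POLLIN, 0}};
    while (poll(p, 2, -1) > 0)  /* each chunk costs a poll, a read and a write */
        for (int i = 0; i < 2; i++) {
            if (!(p[i].revents & (POLLIN | POLLHUP | POLLERR))) continue;
            ssize_t k = read(p[i].fd, b, sizeof b);
            if (k <= 0 || write(i ? 1 : s, b, (size_t)k) != k) return 0;
        }
    return 0;
}
```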





More information about the openssh-unix-dev mailing list