AW: Re: Patch for Socks5 support for dynamic portforwaring?

Dan Kaminsky dan at
Wed Jun 25 19:46:15 EST 2003

>good point ... so, what would be the solution if I need some kind of UDP
>port forwarding?

This is actually problematic over SSH.  SSH presumes a lower layer will 
provide basic reliability -- it runs over TCP.  Port forwarding is a 
method of doing TCP-in-TCP encapsulation; usually this has serious 
performance issues as both sockets implement backoff et al, but SSH 
avoids these problems by locally terminating the socket, 
de-encapsulating the payload, and sending only that payload over the 
tunnelled link.

This works because TCP is byte oriented and the only thing that matters 
is the order of the data.  Such is not the case with UDP -- it's just a 
very thin wrapper on top of IP and anything goes regarding how the 
payload is transferred.  The literal length of each packet is relevant 
is a way that doesn't exist for TCP.

That being said, a piece of Paketto (my own bizarre packet-mangling 
code) may help with this...I'll see what I can get into the July 30 release.


More information about the openssh-unix-dev mailing list