AW: Re: Patch for Socks5 support for dynamic portforwarding?
Dan Kaminsky
dan at doxpara.com
Wed Jun 25 19:46:15 EST 2003
>good point ... so, what would be the solution if I need some kind of UDP
>port forwarding?
>
>
This is actually problematic over SSH. SSH presumes a lower layer will
provide basic reliability -- it runs over TCP. Port forwarding is a
method of doing TCP-in-TCP encapsulation; usually this has serious
performance issues as both sockets implement backoff et al, but SSH
avoids these problems by locally terminating the socket,
de-encapsulating the payload, and sending only that payload over the
tunnelled link.

This works because TCP is byte oriented and the only thing that matters
is the order of the data. Such is not the case with UDP -- it's just a
very thin wrapper on top of IP and anything goes regarding how the
payload is transferred. The literal length of each packet is relevant
in a way that doesn't exist for TCP.

That being said, a piece of Paketto (my own bizarre packet-mangling
code) may help with this... I'll see what I can get into the July 30 release.
--Dan
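
Added example, not part of the original message and not Paketto code: a sketch of why the length of each datagram matters when UDP payloads are carried over a byte stream such as a forwarded SSH channel. The 2-byte length prefix and the names `frame`, `Deframer` and `rechunk` are assumptions made for illustration; the sample datagrams are constructed.

```python
import struct

MAX_DATAGRAM = 65535  # largest length a 2-byte prefix can express

def frame(datagram: bytes) -> bytes:
    """Prefix one datagram with its length so its boundary survives a byte stream."""
    if len(datagram) > MAX_DATAGRAM:
        raise ValueError("datagram too large for a 16-bit length prefix")
    return struct.pack("!H", len(datagram)) + datagram

class Deframer:
    """Rebuilds datagrams from stream reads of arbitrary size."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list[bytes]:
        self._buf += chunk
        out = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf)
            if len(self._buf) < 2 + length:
                break  # partial datagram: wait for more stream data
            out.append(bytes(self._buf[2:2 + length]))
            del self._buf[:2 + length]
        return out

def rechunk(stream: bytes, size: int) -> list[bytes]:
    """Simulate a stream delivering the same bytes in reads of a different size."""
    return [stream[i:i + size] for i in range(0, len(stream), size)]

def demo():
    # Constructed sample: three datagrams, including an empty one (valid in UDP).
    datagrams = [b"query-1", b"", b"query-2-longer"]
    # Unframed: the stream keeps byte order only, so packet boundaries are lost.
    naive = rechunk(b"".join(datagrams), 5)
    # Framed: boundaries are recovered no matter how the stream is chunked.
    deframer = Deframer()
    recovered = []
    for chunk in rechunk(b"".join(frame(d) for d in datagrams), 5):
        recovered.extend(deframer.feed(chunk))
    return naive, recovered

if __name__ == "__main__":
    naive, recovered = demo()
    print("unframed reads:", naive)
    print("framed, recovered:", recovered)
```

Framing restores packet boundaries only; the stream underneath still retransmits and delivers in order, which changes the timing and loss behaviour a UDP application would otherwise see.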
More information about the openssh-unix-dev mailing list