Patch for Socks5 support for dynamic portforwaring?

Dan Kaminsky dan at doxpara.com
Wed Jun 25 09:05:48 EST 2003


>There is a break point for features vs bloat.  At the time we removed
>socks5 and http support because they were considered bloat.  No other
>real reason.
>
>I'd like to know the sock4 vs sock5 numbers for the userbase.  If people
>are using sock5 more.  Then maybe sock4 should vanish in rebalance the
>code growth.
>
Code bloat?

Socks4 support was written in approximately twenty lines of code, and 
significantly improved SSH's ability to tunnel protocols.  Instead of 
needing custom handlers for web traffic, file transfer, Yahoo IM, AOL, 
and everything else that dared to connect to more than one IP/port 
combination, we had one extremely simple wrapper.

Socks5 is only slightly more complicated than Socks4, and repairs the 
problematic DNS leakage.  And it's just a slightly different protocol tree.

Don't think in terms of protocol users; nobody uses protocols.  They use 
tools.  And there's no shortage of users for the tools DF enables.

I'm all for removing code bloat, but these are _such_ simple hacks 
relative to the functionality they generate, that I think it's 
inappropriate to talk about.  HTTP would be useful, simply because 
there's lots of apps that can only proxy over HTTP, but I can see where 
one might wish to avoid that level of string parsing.  But socks4 is a 
seven byte header and socks5 ain't much larger; we can do that.

I keep getting harassed about this (OSX users are rather insistent 
*smiles*).

--Dan





More information about the openssh-unix-dev mailing list