RFC: OpenConnect enhancements
David Edmondson
dme at dme.org
Mon Oct 1 02:42:15 EDT 2012
(Thanks for cc'ing me - I'm not subscribed to openconnect-devel.)
On 1 Oct 2012, at 01:16, Kevin Cernekee <cernekee at gmail.com> wrote:
> I spent some time hacking on it today, and posted the changes here:
>
> https://github.com/cernekee/ocproxy/commits/master
I've merged these changes - thanks for them! The rename of ocvpn->ocproxy is also completed.
> This now seems to work reasonably well with Dante, e.g. "socksify
> telnet foo.somedomain.com". Since ocproxy only passes TCP, I told
> Dante to fake out gethostbyname(), and just pass the hostname string
> in the SOCKS connection request instead.
>
> tsocks and Opera were both able to connect through the proxy, but they
> ran their DNS lookups locally, so addressing internal hosts by name
> was problematic.
My own use case requires only that netcat work through the proxy, so I'm not familiar with those other applications. Is it a problem with tsocks and Opera that they do local DNS lookup or a problem with the proxy code?
> I am still concerned about memory usage, which keeps growing with each
> connection. Maybe the thread startup/teardown should work from a
> fixed "pool" like Apache does; currently it is dynamic.
Rather than have a pair of threads for each connection we could have a single thread for "reading from local sockets" and another for "reading from lwip connections" (the pair required due to the differing API).
More information about the openconnect-devel
mailing list