RFC: OpenConnect enhancements

David Edmondson dme at dme.org
Mon Oct 1 02:42:15 EDT 2012


(Thanks for cc'ing me - I'm not subscribed to openconnect-devel.)

On 1 Oct 2012, at 01:16, Kevin Cernekee <cernekee at gmail.com> wrote:
> I spent some time hacking on it today, and posted the changes here:
> 
> https://github.com/cernekee/ocproxy/commits/master

I've merged these changes - thanks for them! The rename of ocvpn->ocproxy is also completed.

> This now seems to work reasonably well with Dante, e.g. "socksify
> telnet foo.somedomain.com".  Since ocproxy only passes TCP, I told
> Dante to fake out gethostbyname(), and just pass the hostname string
> in the SOCKS connection request instead.
> 
> tsocks and Opera were both able to connect through the proxy, but they
> ran their DNS lookups locally, so addressing internal hosts by name
> was problematic.

My own use case requires only that netcat work through the proxy, so I'm not familiar with those other applications. Is it a problem with tsocks and Opera that they do local DNS lookup or a problem with the proxy code?

> I am still concerned about memory usage, which keeps growing with each
> connection.  Maybe the thread startup/teardown should work from a
> fixed "pool" like Apache does; currently it is dynamic.

Rather than have a pair of threads for each connection we could have a single thread for "reading from local sockets" and another for "reading from lwip connections" (the pair required due to the differing API).




More information about the openconnect-devel mailing list