-------- Forwarded Message --------
Subject: Add new udp connect command to draft-olteanu-intarea-socks-6
Resent-Date: Thu, 7 Jan 2021 22:54:48 -0800 (PST)
Resent-From: [email protected]
Resent-To: [email protected], [email protected]
Date: Fri, 8 Jan 2021 06:54:41 +0000
From: 张 敬强 <[email protected]>
To: [email protected]
<[email protected]>

Hi,

The udp associate command in socks5 and the current socks6 draft
is not very efficient for proxy servers, as each packet may
have a different target address, which will be a burden for
ACL checking and route selection.

For protocols like DNS / UDP based RTMP / QUIC, the target
address will remain the same for the socks proxy session.
For these protocols a new udp connect command is much more
suited than the udp associate command.

At the proxy side, the proxy server could get the target udp
address just like the connect command, then set up a socket of
the same address family and connect to the target address.
On Linux hosts this socket can be set with the bind_addr_no_port sockopt,
so the socket number won't be limited by 65535 binding ports per ip
address. The ACL checking and route selection can be done at the
very early stage of the socks proxy session, which can somehow improve
the udp packet processing efficiency.

So I suggest adding a new udp connect command, with the address and port
in the socks request being the target udp address and port. A new option
is also recommended to be added to tell the proxy server the address and
port of the client, so port reuse for the client-proxy udp connections can be
enabled when the proxy server sets up the client side udp socket.

I didn't subscribe to this mailing list, so please CC me if needed.

Thanks
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
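
The proxy-side handling described in the message above, as an added example that is not part of the original message or of the SOCKS6 draft: the ACL is checked once per session, then a UDP socket of the target's address family is connected to the target. `ALLOWED_NETS`, `acl_allows` and `open_udp_connect` are hypothetical names and the policy is constructed; `IP_BIND_ADDRESS_NO_PORT` is assumed to be the Linux option the message refers to as bind_addr_no_port.

```python
import ipaddress
import socket
import sys

# Constructed policy for illustration: networks the proxy may reach over UDP.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "2001:db8::/32")]
# Linux value from <linux/in.h>; some Python builds do not export the name.
IP_BIND_ADDRESS_NO_PORT = getattr(socket, "IP_BIND_ADDRESS_NO_PORT", 24)


def acl_allows(addr, port):
    """One ACL decision per session (hypothetical policy: allowed nets, valid port)."""
    ip = ipaddress.ip_address(addr)
    return 0 < port < 65536 and any(ip in net for net in ALLOWED_NETS)


def open_udp_connect(target_addr, target_port, local_ip=None):
    """Handle a hypothetical 'udp connect' request: check once, then connect()."""
    if not acl_allows(target_addr, target_port):
        raise PermissionError(f"ACL denies {target_addr}:{target_port}")
    v6 = ipaddress.ip_address(target_addr).version == 6
    family = socket.AF_INET6 if v6 else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_DGRAM)
    try:
        if local_ip is not None:
            if sys.platform.startswith("linux") and family == socket.AF_INET:
                try:
                    # Bind the source IP now; the port is chosen at connect().
                    sock.setsockopt(socket.IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, 1)
                except OSError:
                    pass  # option unsupported: fall back to an ordinary bind
            sock.bind((local_ip, 0))
        # Route selection happens here, once. After connect() the kernel does
        # not deliver datagrams from any source other than the target.
        sock.connect((target_addr, target_port))
    except OSError:
        sock.close()
        raise
    return sock
```
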