IETF-SSH archive


Re: Other Socket Tunnels (Was: New draft Possibilities)



Hi

Since transporting datagrams over a TCP tunnel is never performance efficient but can be useful for some other purpose (e.g. forwarding DNS in certain situations), I find it somewhat questionable if it's a good idea to define a channel type for this kind of use. UDP protocols often also need some other processing in addition to just forwarding. For example, some kind of application gateway would be needed for protocols using portmapper.

I made some tests a couple of years ago with a simple datagram forwarding subsystem that implemented UDP forwarding over a normal secsh subsystem channel. For DNS and NFS the results were OK; however, I never got to it enough to make portmapper support so that NFS could have been run without considerable hand work. Anyway, it worked more or less nicely and took maybe 4 hours to implement. In addition to the subsystem program, the only thing needed was a configuration change to the secure shell server.

In my opinion, subsystems in the secure shell protocol exist for just this kind of use, and implementing this stuff as channel types doesn't sound like a very good idea. It is also worth mentioning that generic datagrams don't necessarily map directly to secure shell transport protocol packets, so there will most likely be a need for some kind of encapsulation for those datagrams before they are sent as channel data. This encapsulation could as well be on the subsystem level.

Should someone be interested, I can probably release my subsystem protocol proto.

//Rinne
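
The encapsulation point in the message above, as an added example that is not part of the original message and is not the author's subsystem protocol: channel data is a byte stream, so datagram boundaries have to be carried explicitly. The framing here (a 4-byte big-endian length prefix) and the names `encapsulate`, `Deframer` and `MAX_DATAGRAM` are assumptions made for illustration.

```python
import struct

# Assumed limit: largest UDP payload over IPv4 (65535 - 20 IP - 8 UDP).
MAX_DATAGRAM = 65507
_HDR = struct.Struct(">I")  # assumed framing: 4-byte big-endian length


def encapsulate(datagram: bytes) -> bytes:
    """Prefix one datagram with its length so it survives a byte stream."""
    if len(datagram) > MAX_DATAGRAM:
        raise ValueError("datagram larger than the framing limit")
    return _HDR.pack(len(datagram)) + datagram


class Deframer:
    """Rebuilds datagrams from channel data that arrives in arbitrary chunks.

    One channel data message may hold part of a datagram, exactly one,
    or several, so bytes are buffered until a full frame is present.
    """

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        out = []
        while len(self._buf) >= _HDR.size:
            (length,) = _HDR.unpack_from(self._buf)
            # Reject the length before buffering the body: a peer that
            # announces a huge frame must not be able to grow the buffer.
            if length > MAX_DATAGRAM:
                raise ValueError("frame length over limit; stream is corrupt")
            end = _HDR.size + length
            if len(self._buf) < end:
                break  # body incomplete, wait for more channel data
            out.append(bytes(self._buf[_HDR.size:end]))
            del self._buf[:end]
        return out


if __name__ == "__main__":
    # Constructed sample payloads, including a zero-length datagram.
    sample = [b"\x12\x34dns-query", b"", b"x" * 1000]
    stream = b"".join(encapsulate(d) for d in sample)
    rx = Deframer()
    got = []
    for i in range(0, len(stream), 3):  # deliver in 3-byte pieces
        got += rx.feed(stream[i:i + 3])
    print(got == sample)
```

The length check runs before any body bytes are accepted, so a malformed or hostile peer on the other end of the channel cannot force unbounded buffering on the receiving side.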


