(Thanks for cc'ing me - I'm not subscribed to openconnect-devel.)

On 1 Oct 2012, at 01:16, Kevin Cernekee <cernekee at gmail.com> wrote:

> I spent some time hacking on it today, and posted the changes here:
>
> https://github.com/cernekee/ocproxy/commits/master

I've merged these changes - thanks for them! The rename of ocvpn->ocproxy is also completed.

> This now seems to work reasonably well with Dante, e.g. "socksify
> telnet foo.somedomain.com". Since ocproxy only passes TCP, I told
> Dante to fake out gethostbyname(), and just pass the hostname string
> in the SOCKS connection request instead.
>
> tsocks and Opera were both able to connect through the proxy, but they
> ran their DNS lookups locally, so addressing internal hosts by name
> was problematic.

My own use case requires only that netcat work through the proxy, so I'm not familiar with those other applications. Is it a problem with tsocks and Opera that they do local DNS lookup or a problem with the proxy code?

> I am still concerned about memory usage, which keeps growing with each
> connection. Maybe the thread startup/teardown should work from a
> fixed "pool" like Apache does; currently it is dynamic.

Rather than have a pair of threads for each connection we could have a single thread for "reading from local sockets" and another for "reading from lwip connections" (the pair required due to the differing API).