curl-users

Is tunneling suitable for production ?

From: Bharat Varma <nbharatvarma_at_gmail.com>
Date: Mon, 24 Nov 2008 13:51:27 +0530

Hi,

Consider this -

1. I have an application which needs to stream TCP data.
2. I host my server on port 443.
3. I use CURLOPT_HTTPPROXYTUNNEL and create a TCP stream connecting to my
server on 443.

I got this test working, after giving suitable details of the proxy address,
port etc. The initial connect gets detected as an HTTP CONNECT as expected
and the remaining data is TCP, which the proxy is blissfully unaware of.
Both send() and recv() work as expected with the socket that I get using
LAST_SOCKET call of libcurl.

If I understand this correctly, the whole idea behind this is based on the
Luotonen web proxy tunneling RFC (which expired in 1999), which is also
referred to in RFC 2817.

My question is, can this idea be used in production ?
Assuming I can guarantee that the server can listen on port 443 (i.e. It is
my server, my client and I can decide which ports they use or connect), what
can be the downsides of using the proxy tunnel ?

1. Any sort of problems in proxy support? Is there anything any proxy can
do to invalidate this idea of an HTTP CONNECT and then a continuous TCP
stream?
2. Any other technical problems I might have overlooked ? I am assuming that
even for authenticated proxies, I can simply give corresponding auth info
(after I get it from the user of course) and get the tunnel up and going.

Can anyone give me hints on the questions I have asked above ?

Thank you.

Bharat Varma

Received on 2008-11-24
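
The handshake described in the message (an HTTP CONNECT followed by raw TCP), seen from the client side, as an added example that is not part of the original mail and is not libcurl code: the tunnel exists only once the proxy's reply headers end with a 2xx status, a 407 means the proxy wants credentials, and bytes after the blank line already belong to the TCP stream. `classify_connect_reply` and the sample reply are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of reading a proxy's reply to "CONNECT host:443 HTTP/1.1". */
enum tunnel_state { TUNNEL_INCOMPLETE, TUNNEL_OPEN, TUNNEL_NEEDS_AUTH,
                    TUNNEL_REFUSED, TUNNEL_MALFORMED };

/* Classify the bytes received so far from the proxy (hypothetical helper).
 * On TUNNEL_OPEN, *payload_off is the offset of the first byte of the
 * tunnelled TCP stream, which can arrive in the same read as the headers. */
enum tunnel_state classify_connect_reply(const char *buf, size_t len,
                                         size_t *payload_off)
{
    char line[13] = {0};
    int minor, status;
    size_t i, end = 0;

    /* The header block ends at the first empty line (CRLF CRLF). */
    for (i = 0; i + 4 <= len && end == 0; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
            end = i + 4;
    if (end == 0)
        return TUNNEL_INCOMPLETE;           /* keep reading */

    /* Status line starts "HTTP/1.x SSS"; copy it so sscanf sees a NUL. */
    if (len < 12)
        return TUNNEL_MALFORMED;
    memcpy(line, buf, 12);
    if (sscanf(line, "HTTP/1.%1d %3d", &minor, &status) != 2 ||
        status < 100 || status > 599)
        return TUNNEL_MALFORMED;

    if (status >= 200 && status <= 299) {   /* any 2xx opens the tunnel */
        *payload_off = end;
        return TUNNEL_OPEN;
    }
    return status == 407 ? TUNNEL_NEEDS_AUTH : TUNNEL_REFUSED;
}

int main(void)
{
    /* Constructed sample reply, with tunnel data in the same read. */
    const char *r = "HTTP/1.1 200 Connection established\r\n\r\nDATA";
    size_t off = 0;
    if (classify_connect_reply(r, strlen(r), &off) == TUNNEL_OPEN)
        printf("tunnel open, first payload byte at offset %zu\n", off);
    return 0;
}
```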