Anyone who's interested in high performance network development on
Linux should take a look at what these folks are doing. It seems to
be a very clever way to eliminate the drudge work that an application
level proxy performs without significant impact on the application
code. Looks like a great performance booster. Very nice. The paper
says that this is all running on BSDI. Wish they'd picked Linux.. :-)
Application Layer Proxy Performance Using TCP Splice.
David Maltz, Pravin Bhagwat. IBM Technical Report RC-21139, March
1998. (submitted for publication).
TCP Splicing for Application Layer Proxy Performance
David Maltz, Pravin Bhagwat
Application layer proxies already play an important role in today's
networks, serving as firewalls and HTTP caches --- and their role is
being expanded to include encryption, compression, and mobility
support services. Current application layer proxies suffer major
performance penalties as they spend most of their time moving data
back and forth between connections; context switching and crossing
protection boundaries for each chunk of data they handle. We present
a technique called TCP Splice that provides kernel support for data
relaying operations which runs at near router speeds. In our lab
testing, we find SOCKS firewalls using TCP Splice can sustain a data
throughput twice that of normal firewalls, with an average packet
forwarding latency 30 times less.
Here are some other publications by one of the authors:
The MSOCKS paper also discusses TCP Splice.