Skip to Content [alt-c]


In reply to Writing an SNI Proxy in 115 Lines of Go

Reader Nuno on 2021-01-25 at 11:38:

Hi, nice work!

If you're using this on Linux, I advise doing away with the io.MultiReader. Just return the bytes.Buffer, and io.Copy both. net.TCPConn implements io.ReaderFrom using the splice(2) syscall, which makes this much more efficient (everything happens in kernel space). io.Copy uses this implementation if it gets the unwrapped net.TCPConn.

Note, however, that this raises the number of open files. Every proxied connection uses 6 fds, 2 for the TCP connections and 4 pipes; your version is doing io.Copy on the return connection so it uses 4 fds per proxied connection.

So if you're using this for something more popular this might require some ulimit magic (the default is 1024, which is good for about 170 proxied connections).


Post a Reply

Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with > are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim (good for code).
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.