Ok, as a security consultant the idea of doing level-7 filtering in kernel space almost made me lose my breakfast -- one vulnerability in your code and you're giving away the entire shop. To be honest, I already feel like all of iptables should be done in user space.
To quote D.Knuth, "premature optimization is the root of all evil": I would really suggest trying it out and profiling first to confirm that sslh is indeed too slow. I think you're overestimating the cost of forking (it's very low in Linux).
If it turns out to be a bottleneck indeed, then I'd look at zero-copy (I remember there is a Linux-specific system call to tell the kernel to copy from one fd to another, thus you save the additional copying.). With that, the only overhead of sslh would be the forking, and even that could conceivable be removed.
Doing things in kernel space for the sake of performance, sorry, no. There has once been a kernel-space Web server in Linux: no-one used it, and the world went on with user-space Web servers, for good reasons.
Got it, your approach of creating a process per connection is ok for light use. Yet, the coolest thing SSLH could do is insert itself as filter for iptables. This way SSLH would not need to spawn a process and will not even need to do a memory copy. This is a nirvana of scalability. Take a look at http://l7-filter.sourceforge.net/ - may be it will give you an idea. I posted a use case scenario at stackoverflow: http://stackoverflow.com/questions/795551/can-haproxy-front-both-web-servers-and-ssl-vpn-on-one-ip-and-port
Basically for each incoming connection, a new process is started that shovels data from the outcoming socket to the internal socket. Cost is one memory copy.
I don't expect sslh would be a bottleneck in normal usage -- establishing https connections would typically have a much higher CPU cost than sslh processing. However, I don't think it's ever been used in such an environment, so no guarantees. If you do try it, let me know how it goes.
I am thinking of using sslh on Amazon EC2 server. Can you please tell me if sslh can handle high volume of requests and large volumes of data? It would be great to understand sshl's architecture - how it passes the connections to the target.
An open, cross-platform journaling program.
A scientific plotting package.