Inheriting capabilities

By default ProxyCommand requires the process to proxy the messages between stdin and stdout, but if you set ProxyUseFdpass, the proxy command is passed a socket pair instead, and should send a file descriptor over its stdout. So rather than having your proxy command needing to constantly process data, it can pass the connection back to ssh.

I'd guess the reason why more services don't let you do stuff like this is that it's awkward to do in C, and the networking abstractions in most of the programming languages I use don't support it.