[stunnel-users] UDP end-points

Red Phoenix intersect at gmail.com
Tue Nov 2 02:02:02 CET 2004

Establishing a SSL connection over UDP would be pretty tough, but has
anyone thought about the possibility of allowing the 'listen' and
'destination' points to be UDP ports, with the main comms routed over
TCP? This would effectively accomplish what most UDP requestors need.

I was thinking along the lines of:

Server1 (source):
client = yes

# listen on udp port 514 for syslog messages
uaccept = 514
# connect to remote stunnel TCP port 5140
connect = 5140

- - - - -

Server2 (destination):
client = no

# listen on 5140
accept = 5140
# connect to local udp port 514
uconnect = 514

Logic would be along the lines of:
if client = yes and uconnect is used, then die (or assume they meant tcp).
if client = no and uaccept is used, then die (or assume tcp).

it should be reasonably easy to add a flag into LOCAL_OPTIONS
somewhere, so that it opens a UDP server/client - along the lines of
(mangled out of a simple udp server app I wrote):

        int sockfd,rbind;
        struct sockaddr_in serv_addr, client_addr;
        int port,sockopt=1;
        char buffer[1234];

        if((sockfd=socket(AF_INET, SOCK_DGRAM,0))<0) {
                fprintf(stderr,"UDP Server: errno = %d\n", errno);
                fprintf(stderr,"Cannot open datagram socket\n");
        setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &sockopt,
        // check that ports are available, and files exist?
        bzero((char *) &serv_addr, sizeof(serv_addr));
        serv_addr.sin_family = AF_INET;
        serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
        serv_addr.sin_port = htons(portnumber);
        if((rbind = bind(sockfd, (struct sockaddr *) &serv_addr,
sizeof(serv_addr))) < 0) {
                fprintf(stderr,"Port is not available. Exiting.\n");
        while(1) {
length=recvfrom(sockfd,buffer,sizeof(buffer)-1,0,(struct sockaddr *)

Any thoughts?



More information about the stunnel-users mailing list