[stunnel-users] How to configure Stunnel for ICMP packets?

Brian Hatch bri at stunnel.org
Mon Nov 8 02:18:43 CET 2004



> I have just started using Stunnel 4.04 with OpenSSL. This
> may seem a bit strange, but, I would like to configure
> Stunnel such that it will encrypt all my Ping packets.
> The reason in a nutshell is that I would like to use
> Ping to determine the network overhead added by SSL, as
> part of my research. How can I set up stunnel (i.e.
> stunnel.conf) to tunnel all ICMP (i.e. Ping) packets?

If you compare ICMP ECHO REQUEST/REPLY to Stunnel in any
way then your research is useless.  It's an apples to oranges
comparison.  You're comparing ICMP to TCP.

Better is to compare TCP to TCP.  For example, create a client/server
protocol as follows:

    * The TCP connection is established.
    * The client sends one integer that is the length of the data,
      followed by the data itself.  Call this a 'packet' if you will.
    * The server reads the integer, followed by the rest of the data,
      and sends that data back.
    * The client verifies the data was received correctly, and then
      proceeds to send a new 'packet'.


Then you can implement this connection on its own, and then via
Stunnel on both ends, and compare the results.  Now you've got
apples-to-apples comparison.

(Suggest you implement the server as an inetd-started application,
and start it from Stunnel via the 'exec' option, to keep the extra
cleartext TCP connection out of the mix.)

Side possibilities:

	* Try alternate 'packet sizes' for comparison.
	* Try different crypto protocols for comparison.


-- 
Brian Hatch                  $it = $it || $another;
   Systems and
   Security Engineer
http://www.ifokr.org/bri/

Every message PGP signed
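
The length-prefixed echo protocol described in the message above, as an added example (not part of the original post and not Stunnel code) that times each round trip on loopback as the no-Stunnel baseline. The 4-byte big-endian length prefix, the `MAX_PACKET` cap, and all function names are assumptions made for this illustration.

```python
import os, socket, statistics, struct, threading, time
MAX_PACKET = 1 << 20  # assumed cap so a bogus length prefix cannot force a huge read

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver one 'packet' in several pieces."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return bytes(buf)

def echo_server(listener):
    """Serve one connection: read the length, read the data, send the data back."""
    with listener.accept()[0] as conn:
        try:
            while True:
                (length,) = struct.unpack("!I", recv_exact(conn, 4))
                if length > MAX_PACKET:
                    return  # refuse an oversized packet by closing the connection
                conn.sendall(recv_exact(conn, length))
        except ConnectionError:
            return  # client finished (or dropped)

def measure(host, port, size, rounds):
    """Send `rounds` packets of `size` bytes; return each round-trip time in seconds."""
    payload, times = os.urandom(size), []
    with socket.create_connection((host, port)) as s:
        s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)  # no Nagle batching
        for _ in range(rounds):
            start = time.perf_counter()
            s.sendall(struct.pack("!I", size) + payload)
            echoed = recv_exact(s, size)
            times.append(time.perf_counter() - start)
            if echoed != payload:  # client verifies before sending the next packet
                raise ValueError("echoed data does not match what was sent")
    return times

def run_local(size=1024, rounds=50):
    """Baseline without Stunnel: echo server thread and client on loopback."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        port = listener.getsockname()[1]
        threading.Thread(target=echo_server, args=(listener,), daemon=True).start()
        return measure("127.0.0.1", port, size, rounds)

if __name__ == "__main__":
    for size in (64, 1024, 16384):  # alternate 'packet sizes' for comparison
        print(f"{size} bytes: median RTT {statistics.median(run_local(size)) * 1e6:.0f} us")
```

For the comparison, call `measure()` with the address of a Stunnel client-side listener that forwards to the same echo server, using the same sizes and round counts.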