[stunnel-users] How to configure Stunnel for ICMP packets?
bri at stunnel.org
Mon Nov 8 02:18:43 CET 2004
> I have just started using Stunnel 4.04 with OpenSSL. This
> may seem a bit strange, but, I would like to configure
> Stunnel such that it will encrypt all my Ping packets.
> The reason in a nut shell is that I would like to use
> Ping to determine the network overhead added by SSL, as
> part of my research. How can I set up stunnel (i.e.
> stunnel.conf) to tunnel all ICMP (i.e. Ping) packets?
If you compare ICMP ECHO REQUEST/REPLY to Stunnel in any
way then your research is useless. It's an apples to oranges
comparison. You're comparing ICMP to TCP.
Better is to compare TCP to TCP. For example, create a client/server
protocol as follows:
* The TCP connection is established.
* The client sends one integer that is the length of the data,
followed by the data itself. Call this a 'packet' if you will.
* The server reads the integer, followed by the rest of the data,
and sends that data back.
* The client verifies the data was received correctly, and then
procedes to send a new 'packet'.
Then you can implement this connection on its own, and then via
Stunnel on both ends, and compare the results. Now you've got
(Suggest you implement the server as an inetd-started application,
and start it from Stunnel via the 'exec' option, to keep the extra
cleartext TCP connection out of the mix.)
* Try alternate 'packet sizes' for comparison.
* Try different crypto protocols for comparison.
Brian Hatch $it = $it || $another;
Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: Digital signature
More information about the stunnel-users