[stunnel-users] Access to Packet Content

Michael Carlino (RIT Student) mac9951 at rit.edu
Wed Mar 26 13:55:06 CET 2014


Hi Jochen,
You are correct, I do not want to manipulate a TCP/IP packet.  I do want to
add to the application level HTTP packet.  That should be ok as long as I
am careful, I think.  Maybe I should say that I want to add to the HTTP
request, and leave it at that.

Yes, there is a reason.  stunnel *contains* the data I want to communicate
from client stunnel to server stunnel, within an HTTP request.

I sense a real appreciation out there for how well stunnel does its job,
and within that a warning not to disturb it.  I surely understand that.
stunnel is a means to an end for me.  I am not looking to extend its
capabilities in any way that would be incorporated into the code base.

Regards.


On Wed, Mar 26, 2014 at 8:36 AM, Jochen Bern <Jochen.Bern at linworks.de> wrote:

> On 26.03.2014 13:05, Michael Carlino (RIT Student) wrote:
> > In the client stunnel I need to make a small change to the HTTP
> > packet.  I need to add some data to it.
>
> Then you *don't* want to manipulate *packets* (as in, using iptables,
> tcpdump, wireshark etc.). Adding data to a packet will mess up basic
> TCP/IP mechanisms like path MTU discovery real fierce.
>
> > I know that as a proxy stunnel has to be and tries to be general in
> > nature.  I am not concerned (right now) with developing a feature that
> > will become available to others later.  I don't mind if my changes make my
> > development version of stunnel single-purpose.  My work is academic and
> > proof-of-concept in its nature.
>
> Is there a reason - apart from the "server-side stunnel might want to
> close the connection" you mentioned - not to leave stunnel to do what it
> strives to do, and insert one or two additional layers with some
> dedicated HTTP-munging software (say, privoxy) instead? Or, for that
> matter, a dedicated SSL sniffer (say, ssldump) if the server side needs
> only *read* access to the actual HTTP data?
>
> Regards,
>                                                                 J. Bern
> --
> *NEW* - NEC IT infrastructure products at <http://www.linworks-shop.de/>:
> Server--Storage--Virtualization--Management SW--Passion for Performance
> Jochen Bern, Systems Engineer --- LINworks GmbH <http://www.LINworks.de/>
> Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
> PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
> Tel. +49 6151 9067-231, Switchboard -0, Fax -299 - Darmstadt District Court HRB 85202
> Registered office Weiterstadt, Managing Directors Metin Dogan, Oliver Michel
>
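
Added example, not part of the original message and not stunnel code: one way a separate layer in front of the client stunnel could add data to an HTTP/1.x request at the application level, as discussed above, without touching packets. The header name `X-Tunnel-Data`, the function names and the sample request are assumptions made for illustration.

```python
# Added example (hypothetical helper, not from stunnel): insert one header
# into a buffered HTTP/1.x request before the bytes enter the TLS tunnel.
import re

HEADER_END = b"\r\n\r\n"
# RFC 7230 "token" characters allowed in a header field name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


class NeedMoreData(Exception):
    """The header block is not complete yet; keep reading from the socket."""


def add_request_header(buf: bytes, name: bytes, value: bytes,
                       max_head: int = 65536) -> bytes:
    """Return buf with 'name: value' appended to the request header block.

    Bytes after the blank line (the body) are passed through untouched, so
    Content-Length and chunked framing remain valid.
    """
    if not TOKEN.fullmatch(name):
        raise ValueError("invalid header name")
    # CR, LF or NUL in the value would let it split or smuggle a request.
    if any(c in value for c in (b"\r", b"\n", b"\x00")):
        raise ValueError("CR/LF/NUL in header value")
    end = buf.find(HEADER_END)
    if end == -1:
        if len(buf) > max_head:
            raise ValueError("header block too large")
        raise NeedMoreData()
    head, body = buf[:end], buf[end + len(HEADER_END):]
    lines = head.split(b"\r\n")
    # Drop any copy of the header already present, so the server-side
    # stunnel only ever sees the value inserted here.
    prefix = name.lower() + b":"
    kept = [lines[0]] + [l for l in lines[1:]
                         if not l.lower().startswith(prefix)]
    kept.append(name + b": " + value)
    return b"\r\n".join(kept) + HEADER_END + body


# Constructed sample request (not captured traffic).
SAMPLE = (b"POST /submit HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\nX-Tunnel-Data: spoofed\r\n\r\nhello")
```

Adding a header leaves the body length unchanged; adding to the body instead would also require rewriting `Content-Length` or the chunk sizes.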