Hi
I'm using the following s/w versions on RHEL3:
Stunnel: 4.04 (also experimenting with 4.22, no difference so far)
Samba: 3.0.9-1.3E.10
Kernel: 2.4.21-32.0.1.EL
Stunnel is used to encrypt Samba connections from Linux clients because Red Hat 3 doesn't support NTLMv2 (cifs not standard and probably not an option). To list 5000 files (simply typing ls within a mounted directory on the client) it consistently takes around 20-23 seconds to return the data. Listing is almost instantaneous when using a Windows client, or using a Linux client without stunnel. As a side note, if I pipe the result to /dev/null it takes around 9 seconds (?). The network forwarding path from the Samba client to the Samba server is:
smbclient > localhost:924 > stunnel > remotehost:923 > stunnel > samba server (port 446)
Tcpdump shows that when using stunnel about 10500 packets are generated; minus stunnel it's more like 500. I'd expect some overhead related to SSL, but 21 times the traffic seems a little excessive. I've experimented with socket options such as TCP_NODELAY, SO_LINGER, SO_RCVLOWAT, SO_OOBINLINE, etc., with no improvement at all. However, my understanding of these is pretty superficial, so I'm not confident I've exhausted all options here (i.e., perhaps combining multiple settings at once).
I've got stunnel debug set to 7 on client and server. No errors and no logging at all except for the initial handshake when the mount is created. Including the tcpdump would probably be excessive at this stage. In summary, using stunnel the data gets transmitted in packets usually containing around 200 bytes, whereas without stunnel it's mostly 1408 byte packets.
Any suggestions?
Thanks
Paul