Hi Jochen, You are correct, I do not want to manipulate a TCP/IP packet. I do want to add to the application level HTTP packet. That should be ok as long as I am careful, I think. Maybe I should say that I want to add to the HTTP request, and leave it at that.
Yes, there is a reason. stunnel *contains* the data I want to communicate from client stunnel to server stunnel, within an HTTP request.
I sense a real appreciation out there for how well stunnel does its job, and within that a warning not to disturb it. I surely understand that. stunnel is a means to an end for me. I am not looking to extend its capabilities in any way that would be incorporated into the code base.
Regards.
On Wed, Mar 26, 2014 at 8:36 AM, Jochen Bern <Jochen.Bern@linworks.de> wrote:
On 26.03.2014 13:05, Michael Carlino (RIT Student) wrote:
In the client stunnel I need to make a small change to the HTTP packet. I need to add some data to it.
Then you *don't* want to manipulate *packets* (as in, using iptables, tcpdump, wireshark etc.). Adding data to a packet will mess up basic TCP/IP mechanisms like path MTU discovery real fierce.
I know that as a proxy stunnel has to be and tries to be general in nature. I am not concerned (right now) with developing a feature that will become available to others later. I don't mind if my changes make my development version of stunnel single-purpose. My work is academic and proof-of-concept in its nature.
Is there a reason - apart from the "server-side stunnel might want to close the connection" you mentioned - not to leave stunnel to do what it strives to do, and insert one or two additional layers with some dedicated HTTP-munging software (say, privoxy) instead? Or, for that matter, a dedicated SSL sniffer (say, ssldump) if the server side needs only *read* access to the actual HTTP data?
Regards, J. Bern
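The distinction drawn in this thread between packets and the HTTP request, as an added example that is not part of the original messages and is not stunnel code: the request is edited on the reassembled byte stream, so it does not matter how TCP segmented it. The class name, the 16 KiB head limit, and the `X-Demo` header are assumptions; only the first request on a connection is rewritten and the body is passed through unchanged.

```python
# Added example (not stunnel code): stream-level HTTP request header insertion.
HEAD_END = b"\r\n\r\n"
MAX_HEAD = 16 * 1024  # assumed cap on request-head size


class HeaderInjector:
    """Buffers a client byte stream until the request head is complete,
    then emits it with one extra header; later bytes pass through untouched."""

    def __init__(self, name: str, value: str):
        # Reject CR/LF so the added field cannot split into extra headers.
        if any(c in name + value for c in "\r\n") or ":" in name or not name:
            raise ValueError("invalid header name or value")
        self._line = f"{name}: {value}\r\n".encode("ascii")
        self._buf = b""
        self._done = False

    def feed(self, chunk: bytes) -> bytes:
        """Return the bytes to forward upstream for this chunk (may be empty)."""
        if self._done:
            return chunk
        self._buf += chunk
        end = self._buf.find(HEAD_END)
        if end == -1:
            if len(self._buf) > MAX_HEAD:
                raise ValueError("request head too large")
            return b""  # head still incomplete: forward nothing yet
        # Insert after the last existing header, before the blank line.
        head, rest = self._buf[:end + 2], self._buf[end + 2:]
        self._buf, self._done = b"", True
        return head + self._line + rest


def rewrite(chunks, name, value):
    """Run constructed chunks through one injector and join the output."""
    inj = HeaderInjector(name, value)
    return b"".join(inj.feed(c) for c in chunks)
```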