Establishing an SSL connection over UDP would be pretty tough, but has anyone thought about the possibility of allowing the 'listen' and 'destination' points to be UDP ports, with the main comms routed over TCP? This would effectively accomplish what most UDP requestors need.
I was thinking along the lines of:
Server1 (source): client = yes
[syslogcrypt]
# listen on udp port 514 for syslog messages
uaccept = 514
# connect to remote stunnel TCP port 5140
connect = 5140
- - - - -
Server2 (destination): client = no
[syslogcrypt]
# listen on 5140
accept = 5140
# connect to local udp port 514
uconnect = 514
Logic would be along the lines of: if client = yes and uconnect is used, then die (or assume they meant TCP). If client = no and uaccept is used, then die (or assume TCP).
It should be reasonably easy to add a flag into LOCAL_OPTIONS somewhere, so that it opens a UDP server/client - along the lines of (mangled out of a simple UDP server app I wrote):
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

int main(void)
{
    int sockfd, rbind;
    struct sockaddr_in serv_addr, client_addr;
    socklen_t addrlen;
    int port = 514, sockopt = 1;    /* port would come from the uaccept option */
    ssize_t length;
    char buffer[1234];

    if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
        fprintf(stderr, "UDP Server: errno = %d\n", errno);
        fprintf(stderr, "Cannot open datagram socket\n");
        exit(1);
    }
    setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &sockopt, sizeof(sockopt));

    // check that ports are available, and files exist?
    bzero((char *) &serv_addr, sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
    serv_addr.sin_port = htons(port);
    if ((rbind = bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr))) < 0) {
        fprintf(stderr, "Port is not available. Exiting.\n");
        exit(2);
    }
    while (1) {
        addrlen = sizeof(client_addr);  /* recvfrom() overwrites this; reset it every time */
        length = recvfrom(sockfd, buffer, sizeof(buffer) - 1, 0,
                          (struct sockaddr *) &client_addr, &addrlen);
        if (length < 0) {
            fprintf(stderr, "recvfrom: errno = %d\n", errno);
            continue;
        }
        buffer[length] = '\0';          /* sizeof(buffer)-1 above left room for this */
        /* hand the datagram to the TCP/SSL side here */
    }
    return 0;
}
Any thoughts?
Regards,
Leigh.
On 2004-11-02, at 02:02, Red Phoenix wrote:
> Establishing an SSL connection over UDP would be pretty tough, but has anyone thought about the possibility of allowing the 'listen' and 'destination' points to be UDP ports, with the main comms routed over TCP? This would effectively accomplish what most UDP requestors need.
It's not as easy as you think. SSL requires a stream of data as a transport. It's much more than a simple UDP forwarder.
Best regards, Mike
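An added example illustrating both messages above (Leigh's UDP-to-TCP bridge idea and Mike's point that SSL needs a stream); this is constructed for the thread and is not stunnel code or either poster's code. A TCP/SSL stream carries bytes, not datagrams, so the bridge cannot simply copy recvfrom() output into the stream: a receiver that reads the stream in arbitrary chunks would not know where one syslog message ends and the next begins. The functions below add a 2-byte length prefix on the UDP-listening side and re-split the stream on the other side. The three syslog lines, the frame format, and the function names are all assumptions made for this example.

```c
/* Constructed example: carrying UDP syslog datagrams over a TCP/SSL stream.
 * Not stunnel code. Shows the framing a UDP<->TCP bridge would need, because
 * a stream does not preserve datagram boundaries. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ACC_SIZE 4096
#define MAX_DGRAM 0xFFFF

/* Sender side: prefix each datagram with a 2-byte big-endian length.
 * Returns bytes written into out, or 0 if the datagram cannot be framed. */
size_t frame_datagram(const unsigned char *dgram, size_t len,
                      unsigned char *out, size_t outcap)
{
    if (len > MAX_DGRAM || outcap < len + 2)
        return 0;
    out[0] = (unsigned char)(len >> 8);
    out[1] = (unsigned char)(len & 0xFF);
    memcpy(out + 2, dgram, len);
    return len + 2;
}

/* Receiver side: bytes arrive from the stream in arbitrary chunks, so keep
 * an accumulator and only emit a datagram once its whole frame is present. */
typedef struct {
    unsigned char buf[ACC_SIZE];
    size_t used;
} stream_acc;

typedef void (*dgram_cb)(const unsigned char *d, size_t len, void *ctx);

/* Feed one chunk; returns the number of complete datagrams delivered to cb.
 * A chunk that would overflow the accumulator is rejected (returns 0). */
size_t stream_feed(stream_acc *acc, const unsigned char *chunk, size_t n,
                   dgram_cb cb, void *ctx)
{
    size_t count = 0, pos = 0;
    if (n > ACC_SIZE - acc->used)
        return 0;
    memcpy(acc->buf + acc->used, chunk, n);
    acc->used += n;
    while (acc->used - pos >= 2) {
        size_t len = ((size_t)acc->buf[pos] << 8) | acc->buf[pos + 1];
        if (acc->used - pos - 2 < len)
            break;                      /* partial frame: wait for more bytes */
        cb(acc->buf + pos + 2, len, ctx);
        pos += 2 + len;
        count++;
    }
    memmove(acc->buf, acc->buf + pos, acc->used - pos);   /* keep the tail */
    acc->used -= pos;
    return count;
}

/* Demo: three constructed syslog messages framed into one stream, then
 * delivered in two chunks split somewhere inside a frame, as TCP may do. */
static const char *demo_msgs[] = {
    "<34>Nov  2 02:02:00 host1 sshd[123]: Accepted publickey for leigh",
    "<13>Nov  2 02:02:01 host1 cron[456]: (root) CMD (run-parts)",
    "<38>Nov  2 02:02:02 host1 su: session opened for user root",
};

typedef struct { int matched; int next; } demo_ctx;

static void demo_cb(const unsigned char *d, size_t len, void *ctx)
{
    demo_ctx *c = ctx;
    if (c->next < 3 && len == strlen(demo_msgs[c->next]) &&
        memcmp(d, demo_msgs[c->next], len) == 0)
        c->matched++;
    c->next++;
}

/* Returns how many of the three messages came out of the stream intact,
 * or -1 if unconsumed bytes were left behind. */
int demo_roundtrip(void)
{
    unsigned char stream[512];
    size_t total = 0, split;
    stream_acc acc = { {0}, 0 };
    demo_ctx ctx = { 0, 0 };
    for (int i = 0; i < 3; i++)
        total += frame_datagram((const unsigned char *)demo_msgs[i],
                                strlen(demo_msgs[i]), stream + total,
                                sizeof(stream) - total);
    split = total / 2;                  /* cut inside a frame on purpose */
    stream_feed(&acc, stream, split, demo_cb, &ctx);
    stream_feed(&acc, stream + split, total - split, demo_cb, &ctx);
    return acc.used == 0 ? ctx.matched : -1;
}

int main(void)
{
    printf("datagrams recovered intact: %d of 3\n", demo_roundtrip());
    return 0;
}
```

In a real bridge, the recvfrom() loop on the uaccept side would pass each datagram through frame_datagram() before writing it to the TCP/SSL connection, and the uconnect side would run every read() from the connection through stream_feed() and sendto() each reconstructed datagram to UDP 514. The length prefix is what lets the receiver reject oversized or truncated frames instead of forwarding garbage, which is the part a plain byte copier cannot do.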