[stunnel-users] RFC: purge use of keyword 'transparent'

Michal Trojnara Michal.Trojnara at mirt.net
Fri Jan 7 13:29:28 CET 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Markus Borst wrote:
> I therefore counter-propose to make this option work, and make it  
> work on all supported platforms. While I know that this will  
> probably not be possible, since it would require a lot of  
> programming work to be done, I nevertheless wanted to make it clear,  
> that this option is not unnecessary and should not be simply  
> discarded.

That would be great.  Unfortunately required feature (commonly called  
"non-local bind") is not available within standard BSD sockets  
interface.

In fact the generic solution requires serious modification of TCP/IP  
stacks (located in OS kernels).  This is not portable and hardly  
practical, especially with closed-source kernels (such us Microsoft  
Windows kernel).

Things get a bit easier when "connect" target is on the same machine,  
allowing for a userspace solution.  Unfortunately it's still not a  
portable approach.  One way to achieve this goal on Windows might be  
DLL injection:
https://secure.wikimedia.org/wikipedia/en/wiki/DLL_injection

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAk0nBygACgkQ/NU+nXTHMtFLkQCfV+O775wu3PdQs0fEsn5Wdklc
RwkAnj8xZBkwnbF88Ckbo0qlyyGsfJbM
=z9qX
-----END PGP SIGNATURE-----



More information about the stunnel-users mailing list