On 05/04/18 18:53, Varun Kulkarni wrote:
> Hi Matt,
>
> I was able to fix the issue with the following changes. The change was
> to create a new fd (bound to the server address) each time DTLSv1_listen()
> was called.

There should be no need to do that. Instead, when DTLSv1_listen() returns
successfully, you should create a new fd for the *client* (connected to
their address as returned from DTLSv1_listen()), and then update the SSL
object for the client to use that fd. You can reuse the old fd for the
next DTLSv1_listen() call. You will need a new SSL object for the next
DTLSv1_listen() call though.

Matt

> Previously, I used the same fd for every DTLSv1_listen call.
> The new dgram BIO was created with an old fd. On passing the newly created
> fd to BIO_new_dgram, the problem seems to be resolved. However, this
> leads to another question. Why doesn't DTLS_listen queue up the
> connections similar to the accept call? Does that mean DTLS can support
> only one handshake at a time? Is it recommended to create multiple fds
> bound to the server address and then spawn a thread (per fd) to listen
> to DTLS requests?
>
> while(1) {
>
>     int fd = socket(AF_INET6, SOCK_DGRAM, 0);
>     bind(fd, &server_addr, sizeof(struct sockaddr_in6));
>
>     BIO *bio = BIO_new_dgram(fd, BIO_NOCLOSE);
>     SSL *ssl = SSL_new(ctx);
>     SSL_set_bio(ssl, bio, bio);
>
>     /* Enable cookie exchange */
>     SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
>
>     /* Wait for incoming connections */
>     while (!DTLSv1_listen(ssl, &client_addr));
>
>     /* connect to client on different fd and complete the handshake and
>        process data packets */
>
> }
>
> Thanks,
> Varun
>
> On Thu, Apr 5, 2018 at 1:03 AM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
>
> Are you able to share a simple reproducer of your problem?
>
> Matt
>
> On 05/04/18 02:14, Varun Kulkarni wrote:
> > Hi,
> >
> > I was able to get DTLS to work with the latest version of openssl with a
> > single client and server. However, I was unable to get it to work with
> > multiple clients. The first client completes the handshake and works
> > well. However, the function DTLSv1_listen returns 1 immediately even
> > for an application data packet (after the first client completes the
> > handshake), where it should ideally return 0 and wait for the next
> > client hello. Since it hangs on SSL_accept, the next client hello
> > packets won't be answered.
> >
> > The closest reference I have got is from:
> > https://gist.github.com/Jxck/b211a12423622fe304d2370b1f1d30d5. This
> > doesn't seem to work for multiple clients.
> >
> > Any suggestions/references would be helpful in this regard. If this is
> > not the right mailing list, please point me to the right one.
> >
> > --
> > Thanks and Regards,
> > Varun K S
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
> --
> Regards,
> Varun K S

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
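The fd handling Matt describes, as an added example that is not part of the thread and not OpenSSL's own code: one listening fd is kept for every DTLSv1_listen() call, and when a client's ClientHello has been accepted a second fd is bound to the same server address (SO_REUSEADDR on both, set before bind()) and connect()ed to the client. The OpenSSL calls are left out so the block compiles stand-alone; in the real loop the per-client fd is the one you wrap with BIO_new_dgram(), mark as connected with BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_CONNECTED, 0, &client_addr), hand to the client's SSL object with SSL_set_bio() and drive with SSL_accept(), while the listener fd goes back into DTLSv1_listen() on a fresh SSL object. The helper names, the IPv4 loopback addresses and the "hello"/"next" datagrams standing in for a ClientHello and the following handshake flight are assumptions constructed for the example; the delivery preference for the connected socket is Linux behaviour.

```c
/* Per-client UDP fd handling for a DTLSv1_listen()-style server (added
 * example, not code from the thread or from OpenSSL). Helper names and the
 * loopback exchange in demo_accept_split() are assumptions. Linux only. */
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to addr. SO_REUSEADDR must be set before bind() on
 * every socket sharing the address, or the per-client bind() fails. */
static int udp_bind(const struct sockaddr_in *addr)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0 ||
        bind(fd, (const struct sockaddr *)addr, sizeof(*addr)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* The listening fd the server reuses for every DTLSv1_listen() call.
 * Port 0 lets the kernel pick; the bound address is written back. */
int dtls_listen_fd(struct sockaddr_in *server)
{
    int fd = udp_bind(server);
    if (fd < 0)
        return -1;
    socklen_t len = sizeof(*server);
    if (getsockname(fd, (struct sockaddr *)server, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* What the server does once DTLSv1_listen() returns 1 with the peer in
 * *client: a new fd bound to the same server address and connect()ed to the
 * client. Linux scores a socket whose connected 4-tuple matches a datagram
 * above the unconnected listener, so this client's records go here and the
 * listener only sees ClientHellos from other clients. */
int dtls_client_fd(const struct sockaddr_in *server, const struct sockaddr_in *client)
{
    int fd = udp_bind(server);
    if (fd < 0)
        return -1;
    if (connect(fd, (const struct sockaddr *)client, sizeof(*client)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Wait up to timeout_ms for one datagram on fd; its length, or -1 if none. */
int dtls_recv_timeout(int fd, char *buf, size_t len, struct sockaddr_in *from, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    if (poll(&p, 1, timeout_ms) <= 0)
        return -1;
    socklen_t flen = sizeof(*from);
    ssize_t n = recvfrom(fd, buf, len, 0, (struct sockaddr *)from, &flen);
    return n < 0 ? -1 : (int)n;
}

/* Loopback self-check (constructed traffic): the first datagram reaches the
 * listener, the next one reaches the per-client fd and the listener stays
 * empty for the next client. Returns 1 on success, 0 otherwise. */
int demo_accept_split(void)
{
    struct sockaddr_in server = { .sin_family = AF_INET, .sin_port = 0 };
    server.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int lfd = dtls_listen_fd(&server);
    if (lfd < 0)
        return 0;
    struct sockaddr_in caddr = { .sin_family = AF_INET, .sin_port = 0 };
    caddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int cfd = udp_bind(&caddr);          /* the simulated client */
    if (cfd < 0) { close(lfd); return 0; }

    char buf[64];
    struct sockaddr_in peer;
    int ok = 0;
    if (sendto(cfd, "hello", 5, 0, (struct sockaddr *)&server, sizeof(server)) == 5 &&
        dtls_recv_timeout(lfd, buf, sizeof(buf), &peer, 2000) == 5) {
        int afd = dtls_client_fd(&server, &peer);
        if (afd >= 0 &&
            sendto(cfd, "next", 4, 0, (struct sockaddr *)&server, sizeof(server)) == 4 &&
            dtls_recv_timeout(afd, buf, sizeof(buf), &peer, 2000) == 4 &&
            memcmp(buf, "next", 4) == 0 &&
            dtls_recv_timeout(lfd, buf, sizeof(buf), &peer, 100) == -1)
            ok = 1;
        if (afd >= 0)
            close(afd);
    }
    close(cfd);
    close(lfd);
    return ok;
}

int main(void)
{
    printf("per-client fd split: %s\n", demo_accept_split() ? "ok" : "FAILED");
    return 0;
}
```

Two caveats when wiring this into the real loop. The split only works if every socket sharing the port had SO_REUSEADDR set before bind(), and the "connected socket wins" rule is a Linux property of the UDP lookup; on other kernels check the behaviour before relying on it. And because the listener is unconnected, it is the cookie exchange (the cookie callbacks set with SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb(), which DTLSv1_listen() requires) that stops a spoofed source address from costing you a per-client fd, a BIO and an SSL object per forged ClientHello; do not allocate them before DTLSv1_listen() has returned 1.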