Please could you raise this as a GitHub issue? I'll try and take a look at it
(although it may be a while since my current focus is on the 1.1.1 release).

Matt

On 11/08/18 16:22, Richard Weinberger wrote:
> Hi!
>
> I have a hard time figuring out how to write a DTLS UDP server that supports multiple
> clients. My dummy single user server works fine.
>
> To support multiple clients I tried two approaches:
> 1. single-threaded async IO, preferred since I have to deal with many clients
> 2. multi-threaded, one thread per client
>
> Both approaches seem to be doomed for the very same reason, namely that
> DTLSv1_listen() does peek into the kernel queue and does not consume
> the client hello from the UDP socket.
>
> Both loop around DTLSv1_listen() and as soon as the function returns > 0 a new
> socket for the client is created using bind/connect and the client address
> as returned by DTLSv1_listen().
>
> This client socket is then passed to a new thread or fed into the event loop.
> In both cases the client hello is still in the queue of the server socket
> and the program will over and over create new client sockets.
>
> After searching the web for examples I've found this thread[0], where the approaches
> I tried are advertised.
> In [1] the demo server at [3] is suggested as a good example.
>
> dtls_udp_echo.c from [3] does exactly what I did in my 2nd approach, and it fails in
> the same way.
> As soon as one client connects, it creates over and over new sockets until it dies due
> to too many open files.
>
> After digging a bit into the source it looks to me like since commit [3],
> DTLSv1_listen() assumes that you re-use the same socket for the new client.
> Which makes supporting multiple clients impossible.
>
> Given that I'm not an OpenSSL DTLS expert I still hope I'm missing something.
> Can you please help me to figure out what the correct approach for multiple clients is?
>
> Thanks,
> //richard
>
> P.s: I'm on Linux, OpenSSL 1.1.0h, but also tried OpenSSL git as of today.
>
> [0] https://mta.openssl.org/pipermail/openssl-users/2018-April/007861.html
> [1] https://mta.openssl.org/pipermail/openssl-users/2018-April/007864.html
> [2] https://web.archive.org/web/20150806185102/http://sctp.fh-muenster.de:80/dtls/dtls_udp_echo.c
> [3] https://github.com/openssl/openssl/commit/e3d0dae7cf8363ca462ac425b72c7bb31c3b4b7a
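
The failure mode described in the quoted message, reduced to the socket level, as an added example that is not part of the original thread and not OpenSSL code: a datagram that is only inspected with MSG_PEEK stays in the server socket's queue, so a poll loop keeps firing on it. The function names, the "hello" payload and the loopback setup are constructed for the illustration; no OpenSSL calls are used.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 1 if fd has a datagram queued within 200 ms, 0 otherwise. */
static int readable(int fd) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    return poll(&p, 1, 200) == 1 && (p.revents & POLLIN);
}

/* Counts how often an accept-style loop wakes up for ONE queued datagram.
 * consume=0: inspect with MSG_PEEK only (the behaviour the message describes).
 * consume=1: read the datagram off the queue after inspecting it.
 * max_iters bounds the peek-only case. Returns -1 on socket errors. */
int wakeups_for_one_datagram(int consume, int max_iters) {
    struct sockaddr_in addr = { .sin_family = AF_INET };
    socklen_t alen = sizeof(addr);
    char buf[64];
    int n = 0;
    int srv = socket(AF_INET, SOCK_DGRAM, 0);
    int cli = socket(AF_INET, SOCK_DGRAM, 0);
    if (srv < 0 || cli < 0) return -1;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks one */
    if (bind(srv, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        getsockname(srv, (struct sockaddr *)&addr, &alen) < 0) return -1;
    /* Constructed stand-in for a ClientHello; not a real DTLS record. */
    if (sendto(cli, "hello", 5, 0, (struct sockaddr *)&addr, sizeof(addr)) != 5)
        return -1;

    while (n < max_iters && readable(srv)) {
        if (recv(srv, buf, sizeof(buf), consume ? 0 : MSG_PEEK) < 0) { n = -1; break; }
        n++;  /* the server in the thread would create a client socket here */
    }
    close(cli);
    close(srv);
    return n;
}

int main(void) {
    printf("peek only: %d wakeups\n", wakeups_for_one_datagram(0, 10));
    printf("consumed:  %d wakeups\n", wakeups_for_one_datagram(1, 10));
    return 0;
}
```

With peek-only inspection the loop runs until the bound is hit, which in the unbounded server corresponds to one new file descriptor per iteration until the process reaches its open-files limit.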