On 2019-11-12 9:30 p.m., Patrick Herbst wrote:
> On Tue, Nov 12, 2019 at 3:00 AM Michael Richardson <mcr@xxxxxxxxxxxx> wrote:
>> Close the UDP socket on the client and open a new one to get a new
>> source port.
>> Does that work? I'm not terribly happy with this solution, but it does
>> match what TCP would do.
>>
> In general, here is what I do (assuming only 1 client for proof of
> concept, and skipping some mundane steps)
> also assuming the client is using the same addr/port, so "connect"
> would not make a difference.

so you are showing me your server code, correct, and this is for DTLS, right?
Do you call DTLSv1_accept()?
You don't seem to be creating a new socket anywhere, or calling connect()
on this socket. I'm not sure I understand your comment above about
connect would not be a difference.
If your DGRAM socket is not connected, how can you send packets back?

It would be nice if DTLS code would store the origin of every packet and
demux it into multiple SSL*, but it doesn't work that way.

>
> s=socket(AF_INET, SOCK_DGRAM, 0);
> bind(s, &serverAddr, sizeof(serverAddr));
> ssl=SSL_new(ctx);
> bio=BIO_new_dgram(s, BIO_NOCLOSE);
> SSL_set_bio(ssl, bio, bio);
> SSL_accept(ssl);
>
> while (1) {
>   FD_ZERO(&fds);
>   FD_SET(s, &fds);
>   select(FD_SETSIZE, &fds, NULL, NULL, NULL);
>   if (FD_ISSET(s, &fds)) {
>     n=SSL_read(ssl, buffer, sizeof(buffer));
>     if (n>0) {
>       printf("rx: %s\n", buffer);
>     } else {
>       printf("bad things\n");
>     }
>   }
> }
>
> What happens is from the Server standpoint, it doesn't know when a
> client restarts. When the client does restart, the server blocks on
> SSL_read while the internals of the library keep reading packets until
> it gets app data... so it ignores another clienthello, but doesn't
> notify the server of that condition.
>
> am I missing something? is this worth fixing in the library? is this
> intended behavior?
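As an added example (not code from this thread or from OpenSSL), one way for the server loop to notice the restart itself: peek at the pending datagram and its origin before SSL_read() consumes it, and classify it from the DTLS record and handshake headers, so a fresh ClientHello from the known peer can tear down the old SSL* instead of being swallowed. The peer structure with a uint32 address and port, the verdict names and the sample datagrams are constructed for the example; a real server would take the origin from recvfrom() with MSG_PEEK.

```c
#include <stdint.h>
#include <stddef.h>

/* DTLS record header (RFC 6347, section 4.1) is 13 bytes:
 * type(1) version(2) epoch(2) sequence_number(6) length(2) */
#define DTLS_RECORD_HDR_LEN  13
#define DTLS_CT_HANDSHAKE    22
#define DTLS_HS_CLIENT_HELLO  1

/* Hypothetical single-peer state; a real server would key this on a sockaddr. */
struct peer {
    int established;   /* SSL_accept() has completed with this peer */
    uint32_t ip;
    uint16_t port;
};
enum verdict { PKT_PASS_TO_SSL, PKT_NEW_HELLO, PKT_RESTART_HELLO, PKT_DROP };

/* Returns 1 if the datagram starts with a plaintext (epoch 0) handshake record
 * whose first message is a ClientHello. Only headers are read, so this works on
 * a MSG_PEEK copy taken before SSL_read() consumes the datagram. */
int dtls_is_client_hello(const uint8_t *pkt, size_t len) {
    if (len < DTLS_RECORD_HDR_LEN + 1) return 0;
    if (pkt[0] != DTLS_CT_HANDSHAKE) return 0;
    if (pkt[1] != 0xFE) return 0;               /* DTLS 1.0 = FEFF, 1.2 = FEFD */
    if (pkt[3] != 0 || pkt[4] != 0) return 0;   /* protected records use epoch >= 1 */
    size_t rec_len = ((size_t)pkt[11] << 8) | pkt[12];
    if (rec_len == 0 || rec_len > len - DTLS_RECORD_HDR_LEN) return 0;
    return pkt[DTLS_RECORD_HDR_LEN] == DTLS_HS_CLIENT_HELLO;
}

/* Decide what the server loop should do with a datagram arriving from ip:port. */
enum verdict classify_datagram(const struct peer *p, uint32_t ip, uint16_t port,
                               const uint8_t *pkt, size_t len) {
    int hello = dtls_is_client_hello(pkt, len);
    int same_peer = p->established && p->ip == ip && p->port == port;
    if (hello)
        return same_peer ? PKT_RESTART_HELLO  /* free the old SSL*, start a new handshake */
                         : PKT_NEW_HELLO;     /* new origin: give it its own SSL* */
    return same_peer ? PKT_PASS_TO_SSL : PKT_DROP;  /* no session exists for this origin */
}

/* Constructed samples: headers only, no real handshake body or ciphertext. */
static const uint8_t SAMPLE_CLIENT_HELLO[] = {
    22, 0xFE, 0xFD, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12,   /* record: handshake, epoch 0, len 12 */
    1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };            /* handshake header: ClientHello */
static const uint8_t SAMPLE_APP_DATA[] = {
    23, 0xFE, 0xFD, 0, 1, 0, 0, 0, 0, 0, 5, 0, 5,    /* record: app data, epoch 1, len 5 */
    0xDE, 0xAD, 0xBE, 0xEF, 0x00 };
static const struct peer NO_PEER = {0, 0, 0};
static const struct peer PEER_A  = {1, 0x0A000001u, 5000};  /* constructed: 10.0.0.1:5000 */
```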