
Re: [gnutls-devel] [gnutls-help] the problem about "stream usage" in dtls/sctp


Re: [gnutls-devel] [gnutls-help] the problem about "stream usage" in dtls/sctp

Nikos Mavrogiannopoulos
On Thu, 2017-05-11 at 23:26 +0800, Wei Cheng wrote:

> hi, guys!
>
> i have read RFC 6083, which describes the usage of the Datagram
> Transport Layer Security (DTLS) protocol over the Stream Control
> Transmission Protocol (SCTP).
>
> "stream usage" is as follows:
> 4.4.  Stream Usage
>    All DTLS messages of the ChangeCipherSpec, Alert, or Handshake
>    protocol MUST be transported on stream 0 with unlimited reliability
>    and with the ordered delivery feature.
>    DTLS messages of the ApplicationData protocol SHOULD use multiple
>    streams other than stream 0; they MAY use stream 0 for everything if
>    they do not care about minimizing head of line blocking.
>
>
> i write a push_function like that:
> static ssize_t push_func(gnutls_transport_ptr_t p, const void *data,
>                          size_t size)
> {
>     priv_data_st *priv = p;
>     int ret;
>     // i send every record on stream #0 (the stream_no argument is 0)
>     ret = sctp_sendmsg(priv->fd, data, size, NULL, 0, 0, 0, 0, 0, 0);
>     if (ret < 0)
>         printf("failed to send msg\n");
>     else
>         printf("succeeded to send msg in push\n");
>     return ret;
> }
>
> i use gnutls_transport_set_push_function to register my push
> function, so that all messages would be sent by my push_function.
> i want to send alert, handshake, changesuite on stream #0, while
> application data is sent on other streams.
> in push_function, all data is already encrypted,
> how can i distinguish which kind of msg it is?
> how should i write my push_function?
> i doubt that i am wrong in this part.

Given that you are in DTLS, the data you receive in the push function
is a complete record message. Thus you can check the ContentType field
of the record message (first byte) to determine the type.

The API however was designed for TCP/UDP and although there are few
instructions at [1], I'm not happy with that. We need simpler functions
to handle SCTP. If you or anyone else has a good proposal for extending
gnutls (new push/pull functions and/or a wrapper for
gnutls_transport_set_fastopen) for it I'd say go for it and open a
merge request. There was an example for TLS over SCTP several years
ago, but we most likely need a much simpler version of it for DTLS.


[0]. https://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00009.html
[1]. https://www.gnutls.org/manual/html_node/DTLS-and-SCTP.html

regards,
Nikos


_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
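As an added example (not code from this thread, from Wei Cheng, or from GnuTLS), the push function below applies the suggestion above: it reads the ContentType byte of each DTLS record in the buffer and routes ChangeCipherSpec, Alert and Handshake records to SCTP stream 0, and ApplicationData records to a separate stream, as RFC 6083 section 4.4 asks. Assumptions: stream 1 is used for application data; the `sctp_send_fn` indirection stands in for `sctp_sendmsg` (whose `stream_no` argument would receive the chosen stream) so the example builds without libsctp or the GnuTLS headers, and `gnutls_transport_ptr_t` is replaced by `void *` for the same reason; every record byte is constructed. It goes slightly beyond the one-byte check by walking every record in the buffer, so a datagram that happens to carry several records is routed conservatively, and it rejects malformed buffers (short header, length field past the end, unknown type) rather than guessing a stream.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* DTLS record ContentType values (same registry as TLS). */
#define DTLS_CT_CHANGE_CIPHER_SPEC 20
#define DTLS_CT_ALERT              21
#define DTLS_CT_HANDSHAKE          22
#define DTLS_CT_APPLICATION_DATA   23

#define DTLS_RECORD_HDR_LEN 13 /* type(1) version(2) epoch(2) seq_num(6) length(2) */
#define CONTROL_STREAM 0       /* RFC 6083 4.4: CCS, Alert and Handshake records */
#define APPDATA_STREAM 1       /* assumption: one app-data stream besides stream 0 */

/* Walk every DTLS record in buf and pick the SCTP stream for the whole buffer.
 * APPDATA_STREAM only when every record is ApplicationData; any control record
 * forces CONTROL_STREAM so it gets ordered, reliable delivery. Returns -1 for
 * malformed input so the caller refuses to send instead of guessing. */
int dtls_select_stream(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    int stream = APPDATA_STREAM;

    if (buf == NULL || len == 0)
        return -1;
    while (off < len) {
        if (len - off < DTLS_RECORD_HDR_LEN)
            return -1;                              /* truncated header */
        size_t body = ((size_t)buf[off + 11] << 8) | buf[off + 12];
        if (body > len - off - DTLS_RECORD_HDR_LEN)
            return -1;                              /* length field past end */
        switch (buf[off]) {
        case DTLS_CT_CHANGE_CIPHER_SPEC:
        case DTLS_CT_ALERT:
        case DTLS_CT_HANDSHAKE:
            stream = CONTROL_STREAM;
            break;
        case DTLS_CT_APPLICATION_DATA:
            break;
        default:
            return -1;                              /* not a DTLS record */
        }
        off += DTLS_RECORD_HDR_LEN + body;
    }
    return stream;
}

/* Transport indirection (assumption) so this builds without libsctp; a real
 * transport would call sctp_sendmsg(fd, data, len, NULL, 0, 0, 0, stream, 0, 0). */
typedef ssize_t (*sctp_send_fn)(int fd, const void *data, size_t len, uint16_t stream);

typedef struct {
    int fd;
    sctp_send_fn send;
} priv_data_st;

/* Push function in the shape GnuTLS expects; gnutls_transport_ptr_t is a void *. */
ssize_t push_func(void *p, const void *data, size_t size)
{
    priv_data_st *priv = p;
    int stream = dtls_select_stream(data, size);

    if (stream < 0) {
        errno = EINVAL;   /* GnuTLS inspects errno when the push function fails */
        return -1;
    }
    return priv->send(priv->fd, data, size, (uint16_t)stream);
}

/* Constructed test double: records the stream instead of touching a socket. */
static uint16_t g_last_stream;
static ssize_t fake_send(int fd, const void *data, size_t len, uint16_t stream)
{
    (void)fd; (void)data;
    g_last_stream = stream;
    return (ssize_t)len;
}

/* Build a constructed DTLS 1.2 record with an opaque body; returns bytes written. */
size_t make_record(unsigned char *out, unsigned char type, size_t body_len)
{
    memset(out, 0, DTLS_RECORD_HDR_LEN);
    out[0] = type;
    out[1] = 0xfe; out[2] = 0xfd;                       /* DTLS 1.2 version bytes */
    out[11] = (unsigned char)(body_len >> 8);
    out[12] = (unsigned char)(body_len & 0xff);
    memset(out + DTLS_RECORD_HDR_LEN, 0xaa, body_len);  /* stands in for ciphertext */
    return DTLS_RECORD_HDR_LEN + body_len;
}

/* Build one record (two back to back when type2 >= 0), drop `truncate` trailing
 * bytes, run the buffer through push_func; returns the stream chosen or -1. */
int route_constructed(int type1, size_t len1, int type2, size_t len2, size_t truncate)
{
    unsigned char buf[128];
    priv_data_st priv = { .fd = -1, .send = fake_send };
    size_t n = make_record(buf, (unsigned char)type1, len1);

    if (type2 >= 0)
        n += make_record(buf + n, (unsigned char)type2, len2);
    if (truncate >= n)
        return -1;
    if (push_func(&priv, buf, n - truncate) < 0)
        return -1;
    return g_last_stream;
}

int main(void)
{
    printf("handshake        -> stream %d\n", route_constructed(DTLS_CT_HANDSHAKE, 8, -1, 0, 0));
    printf("app data         -> stream %d\n", route_constructed(DTLS_CT_APPLICATION_DATA, 8, -1, 0, 0));
    printf("app data + alert -> stream %d\n", route_constructed(DTLS_CT_APPLICATION_DATA, 8, DTLS_CT_ALERT, 2, 0));
    printf("truncated        -> %d (rejected)\n", route_constructed(DTLS_CT_APPLICATION_DATA, 8, -1, 0, 3));
    return 0;
}
```

The routing decision is made on the plaintext record header, which DTLS never encrypts, so it works on the already-encrypted buffer the push function receives. Returning -1 with errno set is the failure convention GnuTLS push functions use; a buffer that does not parse as DTLS records should never reach a stream, since sending it on stream 0 would still be a protocol violation and sending it elsewhere could lose a handshake message.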

Re: [gnutls-devel] [gnutls-help] the problem about "stream usage" in dtls/sctp

Nikos Mavrogiannopoulos
On Sun, 2017-05-14 at 13:05 +0100, Jeremy Harris wrote:

> On 14/05/17 08:43, Nikos Mavrogiannopoulos wrote:
> > The API however was designed for TCP/UDP and although there are few
> > instructions at [1], I'm not happy with that. We need simpler functions
> > to handle SCTP.
>
> Somewhat related
>
> - the equivalent of send( , , , MSG_MORE).  I could do it with a push
>   function, but that's just more hassle and I'd only be using it for
>   my application protocol startup sequence anyway.

You can use the gnutls_record_cork() and uncork functions for that.
Would that work for you, or did I miss the context?

> - would there be any benefit in a sendfile() equivalent?  I assume not
>   for a userland/cpu driven session encryption engine - but are there
>   any hardware engine implementations?

There is AF_KTLS [0] which can work with gnutls and can be used to
achieve sendfile-like functionality. However I do not know whether
something like that would ever reach mainline linux kernel. What
functionality/optimization do you have in mind?

[0]. https://github.com/ktls/af_ktls

regards,
Nikos



Re: [gnutls-devel] [gnutls-help] the problem about "stream usage" in dtls/sctp

Jeremy Harris
On 14/05/17 13:59, Nikos Mavrogiannopoulos wrote:
>> - the equivalent of send( , , , MSG_MORE).  I could do it with a push
>>   function, but that's just more hassle and I'd only be using it for
>>   my application protocol startup sequence anyway.
>
> You can use the gnutls_record_cork() and uncork functions for that.
> Would that work for you, or did I miss the context?

They would work, but might mean I need to carry more state around.
I assume they're cheap calls?
Is uncork safe to call if cork has never been used?

>> - would there be any benefit in a sendfile() equivalent?  I assume not
>>   for a userland/cpu driven session encryption engine - but are there
>>   any hardware engine implementations?
>
> There is AF_KTLS [0] which can work with gnutls and can be used to
> achieve sendfile-like functionality. However I do not know whether
> something like that would ever reach mainline linux kernel. What
> functionality/optimization do you have in mind?

Hand it an fd and a TLS-context handle; it copies data from the fd
and sends it down the TLS channel - using fewer syscalls and/or
expensive tls-library calls than an application read/write loop,
and fewer bulk-data copies.

Bonus features are:
a) data size limit
b) starting seek-point in the source
c) support for non-seekable source fds   [ excluding (b) ]

--
Cheers,
  Jeremy
