Hi, I did some more search regarding this problem and found that its a defect in kernel SCTP. OS was built with linux kernel version 2.6 which is quite old.
Defect Link : https://sourceforge.net/p/lksctp/mailman/message/27729264/ I upgraded to RHEL 7.1 and the problem resolved. Thanks for your support. On Thu, Feb 23, 2017 at 10:43 AM, mahesh gs <mahesh...@gmail.com> wrote: > Hi Michael, > > I am using "Red Hat Enterprise Linux Server release 6.4 (Santiago)" and > openssl version is 1.1.0. > > SCTP version : > > [root@localhost DIAMETER]# rpm -qa | grep -i "sctp" > *lksctp-tools-1.0.10-5.el6.x86_64* > [root@localhost DIAMETER]# rpm -qi lksctp-tools-1.0.10-5.el6.x86_64 > Name : lksctp-tools Relocations: (not relocatable) > Version : 1.0.10 Vendor: Red Hat, Inc. > Release : 5.el6 *Build Date: Mon 22 Feb 2010 > 12:24:33 PM CET* > Install Date: Wed 08 Feb 2017 10:08:12 AM CET Build Host: > hs20-bc1-2.build.redhat.com > Group : System Environment/Libraries Source RPM: > lksctp-tools-1.0.10-5.el6.src.rpm > Size : 203688 License: GPLv2 and GPLv2+ > and LGPLv2 and BSD > Signature : RSA/8, Mon 16 Aug 2010 08:17:01 PM CEST, Key ID > 199e2f91fd431d51 > Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> > URL : http://lksctp.sourceforge.net > Summary : User-space access to Linux Kernel SCTP > Description : > This is the lksctp-tools package for Linux Kernel SCTP (Stream Control > Transmission Protocol) Reference Implementation. > > > > Thanks, > Mahesh G S > > On Wed, Feb 22, 2017 at 8:33 PM, Michael Tuexen <Michael.Tuexen@lurchi. > franken.de> wrote: > >> > On 22 Feb 2017, at 07:47, mahesh gs <mahesh...@gmail.com> wrote: >> > >> > Hi, >> > >> > Thank you for sharing the sample code. >> > >> > I tried running SCTP DTLS Echo server and client. I am facing strange >> problem "ssl_connect" hangs on the client side, even the "ssl_accept" hangs >> on the server side. >> > >> > Client side back trace >> > >> > (gdb) bt >> > #0 0x0000003db4c0ea10 in __recvmsg_nocancel () from >> /lib64/libpthread.so.0 >> > #1 0x00007ffff7a64dc5 in dgram_sctp_read (b=0x6223f0, out=0x629073 >> "\026\376\377", outl=17741) at bss_dgram.c:1178 >> > #2 0x00007ffff7a597a9 in BIO_read (b=0x6223f0, out=0x629073, >> outl=17741) at bio_lib.c:210 >> > #3 0x00007ffff7db80e4 in ssl3_read_n (s=0x622c70, n=13, max=17741, >> extend=<value optimized out>) at s3_pkt.c:258 >> > #4 0x00007ffff7dcaf75 in dtls1_get_record (s=0x622c70) at d1_pkt.c:676 >> > #5 0x00007ffff7dcb6b8 in dtls1_read_bytes (s=0x622c70, type=22, >> buf=0x7ffffffedfd0 "\006", len=12, peek=0) at d1_pkt.c:938 >> > #6 0x00007ffff7dcdda5 in dtls1_get_message_fragment (s=0x622c70, >> st1=<value optimized out>, stn=4449, max=30, ok=0x7ffffffee09c) >> > at d1_both.c:908 >> > #7 0x00007ffff7dce414 in dtls1_get_message (s=0x622c70, st1=4448, >> stn=4449, mt=14, max=30, ok=0x7ffffffee09c) at d1_both.c:512 >> > #8 0x00007ffff7dacaf9 in ssl3_get_server_done (s=0x622c70) at >> s3_clnt.c:2458 >> > #9 0x00007ffff7dc8467 in dtls1_connect (s=0x622c70) at d1_clnt.c:466 >> > #10 0x0000000000402f75 in start_client(char*, char*, int, int, int) () >> > #11 0x0000000000403573 in main () >> > >> > >> > Server side back trace >> > >> > (gdb) info threads >> > 2 Thread 0x7ffff793c700 (LWP 20161) 0x0000003db4c0ea2d in recvmsg () >> from /lib64/libpthread.so.0 >> > * 1 Thread 0x7ffff793e720 (LWP 20155) 0x0000003db4c0e84d in accept () >> from /lib64/libpthread.so.0 >> > (gdb) t 2 >> > [Switching to thread 2 (Thread 0x7ffff793c700 (LWP 20161))]#0 >> 0x0000003db4c0ea2d in recvmsg () from /lib64/libpthread.so.0 >> > (gdb) bt >> > #0 0x0000003db4c0ea2d in recvmsg () from /lib64/libpthread.so.0 >> > #1 0x00007ffff7a633a6 in BIO_dgram_sctp_wait_for_dry >> (b=0x7ffff0001930) at bss_dgram.c:1803 >> > #2 0x00007ffff7dc7830 in dtls1_accept (s=0x7ffff00008c0) at >> d1_srvr.c:403 >> > #3 0x00000000004021ee in connection_handle(void*) () >> > #4 0x0000003db4c07851 in start_thread () from /lib64/libpthread.so.0 >> > #5 0x0000003db48e890d in clone () from /lib64/libc.so.6 >> > (gdb) >> > >> > >> > I am also attaching the wireshark trace (port 4443) and a server key >> for decoding wireshark. >> > >> > Command used on server side: ./dtls_sctp_echo -L 16.181.38.161 -p 4443 >> > >> > Command used on client side : ./dtls_sctp_echo -L 16.181.38.161 -p 4443 >> -l 50 -n 5 16.181.38.161 >> > >> > Thanks in advance for your valuable input >> I've CCed Irene, who did some testing recently on FreeBSD, where the >> implementation works. >> The server is waiting for a sender dry event which it should get. >> >> Which version of OpenSSL are you using and which OS are you using? >> >> Best regards >> Michael >> > >> > Regards, >> > Mahesh G S >> > >> > >> > >> > On Tue, Feb 21, 2017 at 2:28 PM, Michael Tuexen < >> michael.tue...@lurchi.franken.de> wrote: >> > > On 21 Feb 2017, at 09:53, mahesh gs <mahesh...@gmail.com> wrote: >> > > >> > > Hi, >> > > >> > > We have a client, server applications that is using SCTP as a >> transport protocol. We have to secure the connections using DTLS. I am >> using openssl version 1.0.2 which supports DTLS. But the problem i am >> facing is usage of DTLS SCTP related API's. Openssl documentation does not >> clearly explain all the SCTP related API's and usage sequence. >> > > >> > > I have tried going though internet and found most of the sites >> redirect to one link for SCTP DTLS sample code. But this link is not >> working. >> > > >> > > http://sctp.fh-muenster.de/dtls-samples.html >> > Try >> > http://web.archive.org/web/20150617012520/http://sctp.fh-mue >> nster.de/dtls-samples.html >> > and yes, we need to bring the machine up again. >> > >> > Best regards >> > Michael >> > > >> > > If any of you has an sample code of DTLS adaptation for SCTP. It >> would immensely help me for my work. >> > > >> > > Looking forward to your valuable inputs. >> > > >> > > Thanks, >> > > Mahesh G S >> > > -- >> > > openssl-users mailing list >> > > To unsubscribe: https://mta.openssl.org/mailma >> n/listinfo/openssl-users >> > >> > -- >> > openssl-users mailing list >> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > >> > <log.pcap><server.key.pem>-- >> > openssl-users mailing list >> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users