On 01/06/16 13:58, Matt Caswell wrote:
On 01/06/16 11:15, Alfred E. Heggestad wrote:
hi,
we are using DTLS from OpenSSL to implement DTLS-SRTP in our
product (Wire.com) .. The code and implementation works really well
and is very robust. We are using OpenSSL version 1.0.2g
since our product is deployed globally on mobile data networks,
we have quite variable latency and packetloss. The patch below
shows my working code, it has an initial retransmit timeout
of 400 ms which is incrementing by 10% for every re-trans.
obviously this patch cannot make it into the official tree.
but I would like to discuss with you guys the option to
add some kind of API for:
- Setting the initial RTO for DTLS (in milliseconds).
- Setting the retransmit policy for DTLS, i.e. should it
double or increment by X for every re-trans.
I think an API for that would be a great idea. Perhaps a callback could
be used so that you can set exactly the policy you want?
Thank you, Matt
I can work on a patch for this, if you guys can help me to define
the API.
I think we only need one CTRL api to set the next re-transmit
interval. then in the application code that calls this:
- DTLSv1_handle_timeout
- DTLSv1_get_timeout
can also call DTLS_set_retrans_interval(400)
in addition we have seen the code hit this assert
in production:
/*OPENSSL_assert(0);*/ /* XDTLS: want to see if we ever get here */
so I would say it should be safe to remove it.
Hmmmmm....the question is why does it get there? It shouldn't.
I can try to reproduce this. We have seen that this assert was
executed, when the code was under quite heavy load and lots of traffic.
/alfred
Matt
Best Regards,
Alfred E. Heggestad
Berlin
--
diff -Naur openssl-1.0.2g/ssl/d1_lib.c openssl/ssl/d1_lib.c
--- openssl-1.0.2g/ssl/d1_lib.c 2016-03-01 14:35:53.000000000 +0100
+++ openssl/ssl/d1_lib.c 2016-06-01 10:45:27.000000000 +0200
@@ -359,6 +359,8 @@
void dtls1_start_timer(SSL *s)
{
+ struct timeval diff;
+
#ifndef OPENSSL_NO_SCTP
/* Disable timer for SCTP */
if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
@@ -369,14 +371,17 @@
/* If timer is not set, initialize duration with 1 second */
if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec
== 0) {
- s->d1->timeout_duration = 1;
+ s->d1->timeout_duration = 0.400;
}
/* Set timeout to current time */
get_current_time(&(s->d1->next_timeout));
/* Add duration to current time */
- s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
+ diff.tv_sec = 0;
+ diff.tv_usec = 1000000*s->d1->timeout_duration;
+ timeradd(&s->d1->next_timeout, &diff, &s->d1->next_timeout);
+
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&(s->d1->next_timeout));
}
@@ -441,7 +446,7 @@
void dtls1_double_timeout(SSL *s)
{
- s->d1->timeout_duration *= 2;
+ s->d1->timeout_duration *= 1.10;
if (s->d1->timeout_duration > 60)
s->d1->timeout_duration = 60;
dtls1_start_timer(s);
diff -Naur openssl-1.0.2g/ssl/d1_pkt.c openssl/ssl/d1_pkt.c
--- openssl-1.0.2g/ssl/d1_pkt.c 2016-03-01 14:35:53.000000000 +0100
+++ openssl/ssl/d1_pkt.c 2016-03-08 14:39:44.000000000 +0100
@@ -1502,7 +1502,7 @@
* will happen with non blocking IO
*/
if (s->s3->wbuf.left != 0) {
- OPENSSL_assert(0); /* XDTLS: want to see if we ever get
here */
+ /*OPENSSL_assert(0);*/ /* XDTLS: want to see if we ever
get here */
return (ssl3_write_pending(s, type, buf, len));
}
diff -Naur openssl-1.0.2g/ssl/dtls1.h openssl/ssl/dtls1.h
--- openssl-1.0.2g/ssl/dtls1.h 2016-03-01 14:35:53.000000000 +0100
+++ openssl/ssl/dtls1.h 2016-03-08 14:39:44.000000000 +0100
@@ -225,8 +225,8 @@
* Indicates when the last handshake msg or heartbeat sent will
timeout
*/
struct timeval next_timeout;
- /* Timeout duration */
- unsigned short timeout_duration;
+ /* Timeout duration in Seconds */
+ double timeout_duration;
/*
* storage for Alert/Handshake protocol data received but not yet
* processed by ssl3_read_bytes:
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
