On 02/06/16 14:33, Alfred E. Heggestad wrote:
>
>
> On 01/06/16 13:58, Matt Caswell wrote:
>>
>>
>> On 01/06/16 11:15, Alfred E. Heggestad wrote:
>>> hi,
>>>
>>> we are using DTLS from OpenSSL to implement DTLS-SRTP in our
>>> product (Wire.com) .. The code and implementation works really well
>>> and is very robust. We are using OpenSSL version 1.0.2g
>>>
>>>
>>> since our product is deployed globally on mobile data networks,
>>> we have quite variable latency and packetloss. The patch below
>>> shows my working code, it has an initial retransmit timeout
>>> of 400 ms which is incrementing by 10% for every re-trans.
>>>
>>>
>>> obviously this patch cannot make it into the official tree.
>>>
>>>
>>> but I would like to discuss with you guys the option to
>>> add some kind of API for:
>>>
>>> - Setting the initial RTO for DTLS (in milliseconds).
>>> - Setting the retransmit policy for DTLS, i.e. should it
>>>   double or increment by X for every re-trans.
>>
>> I think an API for that would be a great idea. Perhaps a callback could
>> be used so that you can set exactly the policy you want?
>>
>
> Thank you, Matt
>
>
> I can work on a patch for this, if you guys can help me to define
> the API.
>
>
> I think we only need one CTRL api to set the next re-transmit
> interval. then in the application code that calls this:
>
> - DTLSv1_handle_timeout
> - DTLSv1_get_timeout
>
>
> can also call DTLS_set_retrans_interval(400)
>

I'm not sure I follow you. I was thinking something like:

    int DTLS_set_timer_cb(SSL *s, int (*cb)(SSL *s, int timer));

Then where in the current code we have:

    dtls1_double_timeout(s);

We might instead do

    if (s->d1->timer_cb != NULL)
        s->d1->timeout_duration = s->d1->timer_cb(s, s->d1->timeout_duration);
    else
        dtls1_double_timeout(s);

And in dtls1_start_timer() where we have:

    /* If timer is not set, initialize duration with 1 second */
    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
        s->d1->timeout_duration = 1;
    }

Instead have:

    /* If timer is not set, initialize duration with 1 second */
    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
        if (s->d1->timer_cb != NULL)
            s->d1->timeout_duration = s->d1->timer_cb(s, 0);
        else
            s->d1->timeout_duration = 1;
    }

...or something like that.

Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
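
An added example, not part of the original thread and not OpenSSL code: a stand-alone C model of the callback-driven retransmit timer sketched above, with the callback's return value clamped so that a policy returning 0 or a very large value cannot turn into a retransmit storm or a stalled handshake. The struct, the function names, the use of milliseconds and the 50 ms / 60 s bounds are all assumptions made for illustration.

```c
#include <stddef.h>

/* Hypothetical stand-in for the DTLS timer state; not an OpenSSL struct. */
typedef struct dtls_timer dtls_timer;
typedef unsigned int (*timer_cb_fn)(dtls_timer *t, unsigned int cur_ms);

struct dtls_timer {
    unsigned int timeout_ms;  /* current retransmit timeout; 0 = not armed */
    timer_cb_fn  timer_cb;    /* optional application policy, may be NULL */
};

#define RTO_DEFAULT_MS 1000u  /* 1 second default when no callback is set */
#define RTO_MIN_MS       50u  /* assumed floor */
#define RTO_MAX_MS    60000u  /* assumed ceiling */

/* Never trust the callback's return value: bound it on both sides. */
static unsigned int clamp_rto(unsigned int ms)
{
    if (ms < RTO_MIN_MS) return RTO_MIN_MS;
    if (ms > RTO_MAX_MS) return RTO_MAX_MS;
    return ms;
}

/* First arming of the timer: the callback is passed 0, as in the sketch. */
void timer_start(dtls_timer *t)
{
    if (t->timeout_ms != 0)
        return;
    t->timeout_ms = t->timer_cb ? clamp_rto(t->timer_cb(t, 0))
                                : RTO_DEFAULT_MS;
}

/* Each retransmit timeout: use the callback policy, otherwise double. */
void timer_backoff(dtls_timer *t)
{
    unsigned int next = t->timer_cb ? t->timer_cb(t, t->timeout_ms)
                                    : t->timeout_ms * 2;
    t->timeout_ms = clamp_rto(next);
}

/* Policy from the thread: 400 ms initial RTO, +10% per retransmission. */
unsigned int policy_400ms_plus_10pct(dtls_timer *t, unsigned int cur_ms)
{
    (void)t;
    return cur_ms == 0 ? 400u : cur_ms + cur_ms / 10;
}

/* Constructed misbehaving policy that always returns 0, to show the floor. */
unsigned int policy_broken_zero(dtls_timer *t, unsigned int cur_ms)
{
    (void)t; (void)cur_ms;
    return 0;
}
```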