On 02/06/16 14:33, Alfred E. Heggestad wrote:
> 
> 
> On 01/06/16 13:58, Matt Caswell wrote:
>>
>>
>> On 01/06/16 11:15, Alfred E. Heggestad wrote:
>>> hi,
>>>
>>> we are using DTLS from OpenSSL to implement DTLS-SRTP in our
>>> product (Wire.com) .. The code and implementation works really well
>>> and is very robust. We are using OpenSSL version 1.0.2g
>>>
>>>
>>> since our product is deployed globally on mobile data networks,
>>> we have quite variable latency and packetloss. The patch below
>>> shows my working code, it has an initial retransmit timeout
>>> of 400 ms which is incrementing by 10% for every re-trans.
>>>
>>>
>>> obviously this patch cannot make it into the official tree.
>>>
>>>
>>> but I would like to discuss with you guys the option to
>>> add some kind of API for:
>>>
>>> - Setting the initial RTO for DTLS (in milliseconds).
>>> - Setting the retransmit policy for DTLS, i.e. should it
>>>    double or increment by X for every re-trans.
>>
>> I think an API for that would be a great idea. Perhaps a callback could
>> be used so that you can set exactly the policy you want?
>>
> 
> Thank you, Matt
> 
> 
> I can work on a patch for this, if you guys can help me to define
> the API.
> 
> 
> I think we only need one CTRL api to set the next re-transmit
> interval. then in the application code that calls this:
> 
> - DTLSv1_handle_timeout
> - DTLSv1_get_timeout
> 
> 
> can also call DTLS_set_retrans_interval(400)
> 

I'm not sure I follow you. I was thinking something like:

int DTLS_set_timer_cb(SSL *s, int (*cb)(SSL *s, int timer));

Then where in the current code we have:

    dtls1_double_timeout(s);

We might instead do

    if (s->d1->timer_cb != NULL)
        s->d1->timeout_duration = s->d1->timer_cb(s, s->d1->timeout_duration);
    else
        dtls1_double_timeout(s);


And in dtls1_start_timer() where we have:

    /* If timer is not set, initialize duration with 1 second */
    if (s->d1->next_timeout.tv_sec == 0
        && s->d1->next_timeout.tv_usec == 0) {
        s->d1->timeout_duration = 1;
    }


Instead have:

    /* If timer is not set, initialize duration with 1 second */
    if (s->d1->next_timeout.tv_sec == 0
        && s->d1->next_timeout.tv_usec == 0) {
        if (s->d1->timer_cb != NULL)
            s->d1->timeout_duration = s->d1->timer_cb(s, 0);
        else
            s->d1->timeout_duration = 1;
    }


...or something like that.

Matt
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
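
The callback flow sketched in the message above, as an added example that is not part of the original thread and is not OpenSSL code: a stand-alone model of the two hook points (initial value requested with a timer of 0, then one call per expiry) with the default doubling as fallback. The `dtls_sim` struct, the function names, the use of milliseconds and the clamp bounds are all assumptions made for illustration; the clamp shows why a library would bound whatever the application callback returns, since a zero or negative interval would otherwise turn into back-to-back retransmissions.

```c
#include <stddef.h>

/* Hypothetical stand-in for the DTLS state in the sketch (not OpenSSL's
 * struct). Durations are in milliseconds so a 400 ms RTO is representable. */
typedef struct dtls_sim dtls_sim;
typedef int (*timer_cb_fn)(dtls_sim *s, int timer_ms);
struct dtls_sim {
    int timeout_ms;       /* 0 means "timer not set" */
    timer_cb_fn timer_cb; /* NULL selects the default policy */
};

/* Assumed bounds applied to every interval, whoever computed it. */
#define RTO_MIN_MS 50
#define RTO_MAX_MS 60000

static int clamp_rto(int ms) {
    if (ms < RTO_MIN_MS) return RTO_MIN_MS;
    if (ms > RTO_MAX_MS) return RTO_MAX_MS;
    return ms;
}

/* Timer start: ask the callback with 0 for the initial value, else 1 s. */
void sim_start_timer(dtls_sim *s) {
    if (s->timeout_ms == 0)
        s->timeout_ms = s->timer_cb ? clamp_rto(s->timer_cb(s, 0)) : 1000;
}

/* Timer expiry: the callback, or default doubling, picks the next interval. */
void sim_backoff(dtls_sim *s) {
    int next = s->timer_cb ? s->timer_cb(s, s->timeout_ms) : s->timeout_ms * 2;
    s->timeout_ms = clamp_rto(next);
}

/* Policy described in the thread: 400 ms initial, +10% per retransmit. */
int policy_400ms_plus10(dtls_sim *s, int timer_ms) {
    (void)s;
    return timer_ms == 0 ? 400 : timer_ms + timer_ms / 10;
}

/* Constructed faulty policy: always returns 0, so only the clamp limits it. */
int policy_broken(dtls_sim *s, int timer_ms) { (void)s; (void)timer_ms; return 0; }

/* Total time in ms spent waiting while `flights` transmissions each time out. */
long sim_total_wait(timer_cb_fn cb, int flights) {
    dtls_sim s = { 0, cb };
    long total = 0;
    sim_start_timer(&s);
    for (int i = 0; i < flights; i++) { total += s.timeout_ms; sim_backoff(&s); }
    return total;
}
```

With four lost flights the default policy waits 15 s in total, while the 400 ms policy waits under 2 s.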
