I have a hard time figuring out how to write a DTLS UDP server that supports 
clients. My dummy single user server works fine.

To support multiple clients I tried two approaches:
1. single-threaded async I/O, preferred since I have to deal with many clients
2. multi-threaded, one thread per client

Both approaches seem to be doomed for the very same reason, namely that
DTLSv1_listen() does peek into the kernel queue and does not consume
the client hello from the UDP socket.

Both loop around DTLSv1_listen() and as soon as the function returns > 0 a new
socket for the client is created using bind/connect and the client address
as returned by DTLSv1_listen().

This client socket is then passed to a new thread or fed into the event loop.
In both cases the client hello is still in the queue of the server socket
and the program will over and over create new client sockets.

After searching the web for examples I've found this thread[0], where the 
I tried are advertised.
In [1] the demo server at [3] is suggested as a good example.

dtls_udp_echo.c from [3] does exactly what I did in my 2nd approach, and it
fails in the same way.
As soon as one client connects, it creates over and over new sockets until it
dies due to too many open files.

After digging a bit into the source it looks to me like since commit [3],
DTLSv1_listen() assumes that you re-use the same socket for the new client.
Which makes supporting multiple clients impossible.

Given that I'm not an OpenSSL DTLS expert I still hope I'm missing something.
Can you please help me to figure what the correct approach for multiple clients 


P.S.: I'm on Linux, OpenSSL 1.1.0h, but tried as OpenSSL git as of today.

[0] https://mta.openssl.org/pipermail/openssl-users/2018-April/007861.html
[1] https://mta.openssl.org/pipermail/openssl-users/2018-April/007864.html
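
The failure described in this message, reproduced with plain UDP sockets as an added example (not code from the post or from OpenSSL): `count_accepts` is a hypothetical helper that models the listen loop and reads one constructed datagram either with `MSG_PEEK` or with a consuming `recvfrom`. It assumes a Linux/POSIX host with a loopback interface.

```c
/* Added illustration: plain UDP sockets only, no OpenSSL calls. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Model of a listen loop: poll the server socket up to max_iter times and
 * count one "new client" per datagram seen. With peek != 0 the datagram is
 * read with MSG_PEEK, so it stays queued. Returns -1 on setup error. */
int count_accepts(int peek, int max_iter)
{
    struct sockaddr_in addr, peer;
    socklen_t len = sizeof(addr);
    char buf[64];
    int accepts = -1;
    int srv = socket(AF_INET, SOCK_DGRAM, 0);
    int cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct pollfd pfd = { .fd = srv, .events = POLLIN };

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks */
    if (srv < 0 || cli < 0 ||
        bind(srv, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        getsockname(srv, (struct sockaddr *)&addr, &len) < 0)
        goto out;
    /* Constructed stand-in for a single ClientHello datagram. */
    if (sendto(cli, "hello", 5, 0, (struct sockaddr *)&addr, sizeof(addr)) != 5 ||
        poll(&pfd, 1, 1000) != 1)
        goto out;

    accepts = 0;
    for (int i = 0; i < max_iter; i++) {
        socklen_t plen = sizeof(peer);
        int flags = MSG_DONTWAIT | (peek ? MSG_PEEK : 0);
        if (recvfrom(srv, buf, sizeof(buf), flags,
                     (struct sockaddr *)&peer, &plen) < 0)
            break;          /* queue empty: no further "client" to accept */
        accepts++;          /* a server would bind/connect a socket to peer here */
    }
out:
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    return accepts;
}

int main(void) { printf("peek: %d, consume: %d\n", count_accepts(1, 100), count_accepts(0, 100)); return 0; }
```

With the peeking read, the single datagram is seen on every iteration, which is the runaway socket creation described above; with the consuming read it is seen once.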