gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PULL][PATCH] Small buffering fixes, start of recv side cleanup

From: Jonathan Bastien-Filiatrault
Subject: Re: [PULL][PATCH] Small buffering fixes, start of recv side cleanup
Date: Wed, 08 Sep 2010 09:42:43 -0400
User-agent: Mozilla-Thunderbird 2.0.0.24 (X11/20100329) 
Nikos Mavrogiannopoulos wrote:

On 09/01/2010 02:32 AM, Jonathan Bastien-Filiatrault wrote:


Hi and thank you! My question would be how would you move on. That is
what would be your next (planned) moves in adding DTLS?

My pleasure,

I am currently working on getting GnuTLS to receive datagram-sized
chunks and adapting the record layer so that records cannot span
datagrams when using DTLS.

Towards that goal, I have forward-ported my old (1 year+) patches to the
current master branch.
My current progress is here (broken code warning in full effect):
http://github.com/jothan/gnutls/commits/rebase%2Fdtls/
The handshake buffering code in those patches needs to be completely
redone.


Pretty fair.


The next steps are the recv + record side work I mentionned above. After
that, I will need to add HelloVerifyRequest processing. At that point, I
should be very close to (drum roll...) achieving the first
inter-implementation Free Software DTLS handshake between OpenSSL and
GnuTLS.


That would be nice :)
This has been accomplished in the latest patches. I will post that code tonight to the mailing list, but I do not expect it to be merged as it still has many loose ends. 


Many issues regarding timeout and retransmission issues are yet to be
solved. The division of responsibilities between the application and the
library regarding those issues are pretty much still in the air.


I'd suggest to move everything to the layer over gnutls. As far as I
understand from DTLS is that it can be used over many unreliable layers
with different characteristics. Maybe some sensible "defaults" exist for
UDP, as we do now for TCP.


Ok, will do.


Regarding the patches, would it help you and Simon if I mail patches
series individually instead or in addition to requesting a git-pull ? It
might more accessible to others for comment and review.


At least for me patches are easier reviewed by e-mail. However I think
it might be better to send patches (at least for merging) once some
milestones you set are completed (say once DTLS datagrams can be sent
and received, handshake works etc). That way you'll be free to change
anything in your previous work, without fearing touching already
submitted code. The current master code that you are working on
shouldn't change in this aspect. Looking forward for your patches! :)
My latest patches posted on github handshake fully with OpenSSL in DTLS mode. Application data can be exchanged. I have only tried it on the loopback interface, but it should work over the net as long as the packets are short enough and not lost. I can also post the example program I am using. 

Still to do:
 - Implement handshake reliability
 - MTU/MSS handling
 - Handshake fragmentation and reassembly.
 - Bulk encryption parameter versionning.
I am currently working on bulk encryption parameter versionning (the epoch field in DTLS). This involves decoupling the encryption parameters from the rest of the session. The resulting code should be somewhat cleaner and easier to understand (and shorter). I have mostly succeeded, but many details remain. These patches will affect the internal api for TLS. 

This is the biggest patch by far:

 lib/ext_session_ticket.c  |   56 +---
 lib/gnutls_alert.c        |    2 +-
 lib/gnutls_buffers.c      |    1 +
 lib/gnutls_cipher.c       |   74 +++---
 lib/gnutls_cipher.h       |   11 +-
 lib/gnutls_compress.c     |   13 +-
 lib/gnutls_compress.h     |    6 +-
lib/gnutls_constate.c | 717 ++++++++++++++++++--------------------------- 
 lib/gnutls_constate.h     |   33 ++-
 lib/gnutls_dtls.c         |    2 +-
 lib/gnutls_handshake.c    |   12 +-
 lib/gnutls_int.h          |   97 ++++---
 lib/gnutls_record.c       |   65 +++--
 lib/gnutls_record.h       |    2 +-
 lib/gnutls_session_pack.c |   55 +++-
 lib/gnutls_state.c        |   75 +++--
 libextra/gnutls_ia.c      |    2 +-
 17 files changed, 565 insertions(+), 658 deletions(-)
I will post the buffering patches tonight, the diffstat is not nearly as impressing. 



best regards,
Nikos
reply via email to
[Prev in Thread] Current Thread [Next in Thread]