coap: ensure DTLS buffer is at least 200 bytes #20434

Merged (2 commits), Apr 5, 2024

benpicco (Contributor) commented Feb 26, 2024

Contribution description

The initial DTLS handshake can be larger than a block in CoAP block-wise.
#19892 reduced the DTLS buffer to a CoAP block size + 36 bytes.
This has proven to be too little, breaking DTLS clients.

Bump DTLS_MAX_BUF to be at least 200 bytes as this has proven to work well in the past.

Testing procedure

First, create the tap interfaces by running sudo dist/tools/tapsetup/tapsetup.

In one terminal, run the GCoAP DTLS server:

make -C examples/gcoap_dtls PORT=tap1 all term

2024-02-26 20:18:43,184 # main(): This is RIOT! (Version: 2024.04-devel-327-gb8d58-DTLS_MAX_BUF-fix)
2024-02-26 20:18:43,184 # gcoap example app
2024-02-26 20:18:43,185 # All up, running the shell now

2024-02-26 20:22:23,060 # > ifconfig
2024-02-26 20:22:23,060 # Iface  7  HWaddr: 5A:1A:98:23:2D:6C 
2024-02-26 20:22:23,061 #           L2-PDU:1500  MTU:1500  HL:64  Source address length: 6
2024-02-26 20:22:23,061 #           Link type: wired
2024-02-26 20:22:23,062 #           inet6 addr: fe80::581a:98ff:fe23:2d6c  scope: link  VAL
2024-02-26 20:22:23,063 #           inet6 group: ff02::1
2024-02-26 20:22:23,063 #           inet6 group: ff02::1:ff23:2d6c

In another terminal, run the nanoCoAP DTLS client:

make -C tests/net/nanocoap_cli PORT=tap0 all term

2024-02-26 20:23:47,051 # main(): This is RIOT! (Version: 2024.04-devel-326-gf04871)
2024-02-26 20:23:47,052 # nanocoap test app
2024-02-26 20:23:47,052 # All up, running the shell now

2024-02-26 20:23:52,901 # > ncget coaps://[fe80::581a:98ff:fe23:2d6c]/.well-known/core -
2024-02-26 20:23:52,905 # </cli/stats>;ct=0;rt="count";obs,</riot/board>

In master this would yield

2024-02-26 20:25:18,617 # main(): This is RIOT! (Version: 2024.04-devel-326-gf04871)
2024-02-26 20:25:18,618 # nanocoap test app
2024-02-26 20:25:18,618 # All up, running the shell now

2024-02-26 20:25:19,605 # > ncget coaps://[fe80::581a:98ff:fe23:2d6c]/.well-known/core -
2024-02-26 20:25:19,606 # cannot send ClientHello
2024-02-26 20:25:20,606 # cannot send ClientHello
2024-02-26 20:25:22,607 # cannot send ClientHello

Issues/PRs references

follow-up to #19892

riot-ci commented Feb 26, 2024

Murdock results

✔️ PASSED

11b4564 sys/net/gcoap: ensure DTLS buffer is at least 200 bytes

Success Failures Total Runtime
10027 0 10027 11m:29s


Teufelchen1 (Contributor) commented

*ding dong it's release o'clock* Ping @benpicco

benpicco (Contributor, Author) commented Apr 3, 2024

I now use a shell call to calculate DTLS_MAX_BUF which gives much more sane values.

benpicco (Contributor, Author) commented Apr 4, 2024

@Teufelchen1 can this still get into the release? It fixes a regression.

Teufelchen1 added this pull request to the merge queue Apr 5, 2024
Merged via the queue into RIOT-OS:master with commit b5f9772 Apr 5, 2024
26 checks passed
benpicco deleted the DTLS_MAX_BUF-fix branch April 5, 2024 10:53
MrKevinWeiss added this to the Release 2024.04 milestone Apr 30, 2024
Labels: Area: CoAP, Area: network, Area: sys, CI: ready for build, Type: bug