Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sock_dtls: move common code into sock_dtls_establish_session() #19142

Merged
merged 3 commits into from
Feb 20, 2023
Merged

sock_dtls: move common code into sock_dtls_establish_session() #19142

merged 3 commits into from
Feb 20, 2023

Conversation

benpicco
Copy link
Contributor

@benpicco benpicco commented Jan 13, 2023
edited
Loading

Contribution description

Currently the logic to establish a DTLS session is open-coded in each protocol that uses DTLS (CoAPS, DoDTLS).

To avoid code duplication, move the common code to establish a connection into a sock_dtls_connect() helper function that can be shared by it's users.

Testing procedure

  • tests/nanocoap_cli still works as before, can connect to examples/gcoap_dtls server via CoAPS
  • tests/gnrc_sock_dodtls still untested
output of gnrc_sock_dodtls 
> dodtls server [2001:db8::1]:853 5853 Client_identity secretPSK
DNS server: [2001:db8::1%5]:853

> dodtls request example.org inet6
example.org resolves to 2606:2800:220:1:248:1893:25c8:1946

> dodtls request example.org inet
example.org resolves to 93.184.216.34

Issues/PRs references

@github-actions github-actions bot added Area: CoAP Area: Constrained Application Protocol implementations Area: network Area: Networking Area: sys Area: System labels Jan 13, 2023
@benpicco benpicco requested a review from pokgak January 13, 2023 17:18
@benpicco benpicco added the Type: cleanup The issue proposes a clean-up / The PR cleans-up parts of the codebase / documentation label Jan 13, 2023
@benpicco benpicco added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Jan 31, 2023
@benpicco benpicco requested a review from kfessel January 31, 2023 19:34
miri64
miri64 reviewed Jan 31, 2023
View reviewed changes
sys/include/net/sock/util.h Outdated Show resolved Hide resolved
@riot-ci
Copy link

riot-ci commented Jan 31, 2023
edited
Loading

Murdock results

✔️ PASSED

df4ef80 sock_dodtls: make use of sock_dtls_establish_session()

Success Failures Total Runtime
6865 0 6865 13m:50s

Artifacts

@benpicco benpicco added the State: waiting for maintainer State: Action by a maintainer is required label Feb 2, 2023
@benpicco benpicco changed the title sock_dtls: move common code into sock_dtls_connect() sock_dtls: move common code into sock_dtls_establish_session() Feb 8, 2023
@benpicco benpicco requested a review from fabian18 February 10, 2023 15:18
kfessel
kfessel reviewed Feb 17, 2023
View reviewed changes
Copy link
Contributor

@kfessel kfessel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good

@benpicco benpicco removed the State: waiting for maintainer State: Action by a maintainer is required label Feb 18, 2023
fabian18
fabian18 approved these changes Feb 19, 2023
View reviewed changes
Copy link
Contributor

@fabian18 fabian18 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please Squash. I think it is looking good too.
I´ve got a problem with python when setting up dodtls, even though the instructions are pretty detailed. Since you´ve tested it, it should be good.

@benpicco
Copy link
Contributor Author

bors merge

@bors
Copy link
Contributor

bors bot commented Feb 20, 2023

Build succeeded:

@bors bors bot merged commit 96a7d0d into RIOT-OS:master Feb 20, 2023
@benpicco benpicco deleted the sock_dtls_connect branch February 20, 2023 04:26
kfessel
kfessel reviewed Feb 20, 2023
View reviewed changes
sys/net/application_layer/sock_dodtls/sock_dodtls.c
_cred_type = creds->type;
_cred_tag = creds->tag;
_id = (uint16_t)(random_uint32() & 0xffff);
exit:
memset(_dns_buf, 0, sizeof(_dns_buf)); /* flush-out unencrypted data */
mutex_unlock(&_server_mutex);
return (res > 0) ? 0 : res;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@benpicco: the credman_delete(creds_tag, creds_type); got removed from line 184 maybe we need that in l. 206 if the connection could not be established since in that case it would not be closed -> that credman slot would be taken until reboot.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Kind of what I thought here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missed that
but somehow i am still not fully convinced maybe the credman_delete in
_close_session is also wrong

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe that whole file should never call any credman function (but find or get) since the add should be done in another part of RIOT

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

credman is weird - it's true that the credentials are only stored for the lifetime of the session.
Since they are added in _connect_server() they should also be removed if _connect_server() fails - unless they were already added to credman before.

Same goes for _close_session().

Now what I don't get is why credman is needed at all.

Copy link
Contributor

@kfessel kfessel Feb 20, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems more like it is not used as intended

intention:
init:
add all your creeds to credman

connect:
use a cred by tag

done here:

connect
add this creed to credman
use the cred just added

but there where applications before that that did the credential handling themself and these are now add cred to credman
and that use the cred

if we use it as intended we would just have one place where all the creds are managed this would make the review of the creds on a device simpler)

seems like the move to cred man is just incomplete

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#11564 (comment)

there is the reasoning why credman and not just a pointer to credentials

@MrKevinWeiss MrKevinWeiss added this to the Release 2023.04 milestone Apr 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabian18 fabian18 fabian18 approved these changes

@kfessel kfessel kfessel left review comments

@miri64 miri64 miri64 left review comments

@haukepetersen haukepetersen Awaiting requested review from haukepetersen

@PeterKietzmann PeterKietzmann Awaiting requested review from PeterKietzmann PeterKietzmann is a code owner

@cgundogan cgundogan Awaiting requested review from cgundogan

@maribu maribu Awaiting requested review from maribu maribu is a code owner

@pokgak pokgak Awaiting requested review from pokgak

Assignees
No one assigned
Labels
Area: CoAP Area: Constrained Application Protocol implementations Area: network Area: Networking Area: sys Area: System CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Type: cleanup The issue proposes a clean-up / The PR cleans-up parts of the codebase / documentation
Projects
None yet
Milestone
Release 2023.04
Development

Successfully merging this pull request may close these issues.
6 participants
@benpicco @riot-ci @miri64 @kfessel @fabian18 @MrKevinWeiss