Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pkg/tinydtls: Adjust defaults #19331

Merged
merged 3 commits into from
Mar 2, 2023

Conversation

chrysn
Copy link
Member

@chrysn chrysn commented Feb 27, 2023

Contribution description

This adjusts two defaults in tinydtls:

  • Default verbosity is set to warning. At the info level, this module produces way more output (several lines per new connection, and even per message) than is common in RIOT.
  • If gcoap is used, the buffer size is adjusted to the gcoap buffer size plus overhead. Otherwise, CoAP-over-DTLS works fine until one happens to request larger resources.

Testing procedure

  • Run examples/gcoap_dtls
  • Send a CoAP request from outside, eg. with aiocoap-client 'coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/.well-known/core' --credentials testserver.json (where testserver.json is {"coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/*": {"dtls": {"psk": {"ascii": "secretPSK"}, "client-identity": {"ascii": "Client_identity"}}}}).

Before, there are messages shown for every request; now there are none.

Modify examples/gcoap/server.c as follows:

diff --git a/examples/gcoap/server.c b/examples/gcoap/server.c
index bf2315cd01..28e1faac27 100644
--- a/examples/gcoap/server.c
+++ b/examples/gcoap/server.c
@@ -68,7 +68,7 @@ static const coap_resource_t _resources[] = {
 };
 
 static const char *_link_params[] = {
-    ";ct=0;rt=\"count\";obs",
+    ";ct=0;rt=\"count\";obs;looooooooooooooooooooooong-attribute=\"loooooooooooooooooooooooooooooong\"",
     NULL
 };

The request passes; without this patch, it is stuck in retransmissions until "Network error: Retransmissions exceeded".

Issues/PRs references

This contributes to making #19289 usable with a minimum level of security. (That module fills up the gcoap buffer to the brim). While the module handles the verbosity as well as it can (occasionally admitting that it lost bytes of output), the previous verbosity produces an infinite stream of stdout data. (But the default should be quiet immaterial of that particular PR).

@github-actions github-actions bot added the Area: pkg Area: External package ports label Feb 27, 2023
@chrysn chrysn added Area: network Area: Networking CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Area: pkg Area: External package ports and removed Area: pkg Area: External package ports labels Feb 27, 2023
@github-actions github-actions bot removed the Area: network Area: Networking label Feb 27, 2023
@chrysn chrysn added the Area: network Area: Networking label Feb 27, 2023
@riot-ci
Copy link

riot-ci commented Feb 27, 2023

Murdock results

✔️ PASSED

f2d5928 dtls, tinydtls: Raise default number of connections

Success Failures Total Runtime
6902 0 6902 13m:29s

Artifacts

@benpicco benpicco requested a review from miri64 February 27, 2023 22:18
@github-actions github-actions bot added Area: Kconfig Area: Kconfig integration Area: sys Area: System labels Feb 28, 2023
@chrysn
Copy link
Member Author

chrysn commented Feb 28, 2023

I've added a third change: The default number of DTLS sessions is raised from 1 to 2.

As long as this is 1 and Gcoap is used (OK, maybe we'd limit the default to 2 for gcoap), long-running DTLS sessions are impossible otherwise -- and the DTLS handshake is relatively heavy in terms of traffic and energy.

[edit: conditionally on using GCOAP_DTLS, see #19331 (comment) ]

@chrysn
Copy link
Member Author

chrysn commented Feb 28, 2023

The peer-max thing is not catching it without Kconfig, as that parameter (while defined with a default in dtls.h) needs to be passed through the Makefile to take effect ... ugh. Let's see if I can fix that.

@chrysn
Copy link
Member Author

chrysn commented Feb 28, 2023

Can I squash? (I'd reduce to three commits for the individual topics).

Copy link
Member

@miri64 miri64 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK, trusting your testing and mostly this should be problematic in compilation :-).

@miri64
Copy link
Member

miri64 commented Feb 28, 2023

bors merge

@bors
Copy link
Contributor

bors bot commented Feb 28, 2023

🕐 Waiting for PR status (GitHub check) to be set, probably by CI. Bors will automatically try to run when all required PR statuses are set.

@miri64
Copy link
Member

miri64 commented Feb 28, 2023

bors cancel
bors merge

@bors
Copy link
Contributor

bors bot commented Feb 28, 2023

🕐 Waiting for PR status (GitHub check) to be set, probably by CI. Bors will automatically try to run when all required PR statuses are set.

@miri64
Copy link
Member

miri64 commented Feb 28, 2023

Ah, Murdock did not rerun yet (but is also not shown in the statuses for some reason...)

@miri64 miri64 added Type: enhancement The issue suggests enhanceable parts / The PR enhances parts of the codebase / documentation CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR and removed CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR labels Feb 28, 2023
@benpicco
Copy link
Contributor

bors merge

@miri64
Copy link
Member

miri64 commented Feb 28, 2023

bors cancel
bors merge

@bors
Copy link
Contributor

bors bot commented Feb 28, 2023

Canceled.

bors bot added a commit that referenced this pull request Feb 28, 2023
16158: gnrc_sixlowpan_frag_sfr_congure_sfr: initial import r=miri64 a=miri64



19331: pkg/tinydtls: Adjust defaults r=miri64 a=chrysn

### Contribution description

This adjusts two defaults in tinydtls:

* Default verbosity is set to warning. At the info level, this module produces way more output (several lines per new connection, and even per message) than is common in RIOT.
* If gcoap is used, the buffer size is adjusted to the gcoap buffer size plus overhead. Otherwise, CoAP-over-DTLS works fine until one happens to request larger resources.

### Testing procedure

* Run examples/gcoap_dtls
* Send a CoAP request from outside, eg. with `aiocoap-client 'coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/.well-known/core' --credentials testserver.json` (where testserver.json is `{"coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/*": {"dtls": {"psk": {"ascii": "secretPSK"}, "client-identity": {"ascii": "Client_identity"}}}}`).

Before, there are messages shown for every request; now there are none.

Modify `examples/gcoap/server.c` as follows:

```patch
diff --git a/examples/gcoap/server.c b/examples/gcoap/server.c
index bf2315cd01..28e1faac27 100644
--- a/examples/gcoap/server.c
+++ b/examples/gcoap/server.c
`@@` -68,7 +68,7 `@@` static const coap_resource_t _resources[] = {
 };
 
 static const char *_link_params[] = {
-    ";ct=0;rt=\"count\";obs",
+    ";ct=0;rt=\"count\";obs;looooooooooooooooooooooong-attribute=\"loooooooooooooooooooooooooooooong\"",
     NULL
 };
```

The request passes; without this patch, it is stuck in retransmissions until "Network error: Retransmissions exceeded".

### Issues/PRs references

This contributes to making #19289 usable with a minimum level of security. (That module fills up the gcoap buffer to the brim). While the module handles the verbosity as well as it can (occasionally admitting that it lost bytes of output), the previous verbosity produces an infinite stream of stdout data. (But the default should be quiet immaterial of that particular PR).

Co-authored-by: Martine Lenders <m.lenders@fu-berlin.de>
Co-authored-by: chrysn <chrysn@fsfe.org>
@bors
Copy link
Contributor

bors bot commented Feb 28, 2023

Build failed (retrying...):

# TinyDTLS emits several messages during connection establishment at the info
# level; this is way more verbose than common in RIOT.
TINYDTLS_LOG_LEVEL ?= LOG_WARNING
CFLAGS += -DLOG_LEVEL=$(TINYDTLS_LOG_LEVEL)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You might have to set this on the pkg Makefile instead so it’s only set for this pkg

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, thanks.

bors cancel

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've moved all newly introduced sections from Makefile.include to Makefile (affecting default verbosity and buffer size selection).

Running the tests again confirms that both are still picked up (ie. the relevant information about the gcoap module is also around there).

@bors
Copy link
Contributor

bors bot commented Feb 28, 2023

Canceled.

@chrysn chrysn force-pushed the tinydtls-defaults branch from 9e48b6e to f2d5928 Compare March 2, 2023 08:17
@benpicco
Copy link
Contributor

benpicco commented Mar 2, 2023

bors merge

bors bot added a commit that referenced this pull request Mar 2, 2023
19331: pkg/tinydtls: Adjust defaults r=benpicco a=chrysn

### Contribution description

This adjusts two defaults in tinydtls:

* Default verbosity is set to warning. At the info level, this module produces way more output (several lines per new connection, and even per message) than is common in RIOT.
* If gcoap is used, the buffer size is adjusted to the gcoap buffer size plus overhead. Otherwise, CoAP-over-DTLS works fine until one happens to request larger resources.

### Testing procedure

* Run examples/gcoap_dtls
* Send a CoAP request from outside, eg. with `aiocoap-client 'coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/.well-known/core' --credentials testserver.json` (where testserver.json is `{"coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/*": {"dtls": {"psk": {"ascii": "secretPSK"}, "client-identity": {"ascii": "Client_identity"}}}}`).

Before, there are messages shown for every request; now there are none.

Modify `examples/gcoap/server.c` as follows:

```patch
diff --git a/examples/gcoap/server.c b/examples/gcoap/server.c
index bf2315cd01..28e1faac27 100644
--- a/examples/gcoap/server.c
+++ b/examples/gcoap/server.c
`@@` -68,7 +68,7 `@@` static const coap_resource_t _resources[] = {
 };
 
 static const char *_link_params[] = {
-    ";ct=0;rt=\"count\";obs",
+    ";ct=0;rt=\"count\";obs;looooooooooooooooooooooong-attribute=\"loooooooooooooooooooooooooooooong\"",
     NULL
 };
```

The request passes; without this patch, it is stuck in retransmissions until "Network error: Retransmissions exceeded".

### Issues/PRs references

This contributes to making #19289 usable with a minimum level of security. (That module fills up the gcoap buffer to the brim). While the module handles the verbosity as well as it can (occasionally admitting that it lost bytes of output), the previous verbosity produces an infinite stream of stdout data. (But the default should be quiet immaterial of that particular PR).

Co-authored-by: chrysn <chrysn@fsfe.org>
@miri64
Copy link
Member

miri64 commented Mar 2, 2023

bors cancel
bors merge

@bors
Copy link
Contributor

bors bot commented Mar 2, 2023

Canceled.

bors bot added a commit that referenced this pull request Mar 2, 2023
18515: libschc: initial import as package r=miri64 a=miri64



19331: pkg/tinydtls: Adjust defaults r=miri64 a=chrysn

### Contribution description

This adjusts two defaults in tinydtls:

* Default verbosity is set to warning. At the info level, this module produces way more output (several lines per new connection, and even per message) than is common in RIOT.
* If gcoap is used, the buffer size is adjusted to the gcoap buffer size plus overhead. Otherwise, CoAP-over-DTLS works fine until one happens to request larger resources.

### Testing procedure

* Run examples/gcoap_dtls
* Send a CoAP request from outside, eg. with `aiocoap-client 'coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/.well-known/core' --credentials testserver.json` (where testserver.json is `{"coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/*": {"dtls": {"psk": {"ascii": "secretPSK"}, "client-identity": {"ascii": "Client_identity"}}}}`).

Before, there are messages shown for every request; now there are none.

Modify `examples/gcoap/server.c` as follows:

```patch
diff --git a/examples/gcoap/server.c b/examples/gcoap/server.c
index bf2315cd01..28e1faac27 100644
--- a/examples/gcoap/server.c
+++ b/examples/gcoap/server.c
`@@` -68,7 +68,7 `@@` static const coap_resource_t _resources[] = {
 };
 
 static const char *_link_params[] = {
-    ";ct=0;rt=\"count\";obs",
+    ";ct=0;rt=\"count\";obs;looooooooooooooooooooooong-attribute=\"loooooooooooooooooooooooooooooong\"",
     NULL
 };
```

The request passes; without this patch, it is stuck in retransmissions until "Network error: Retransmissions exceeded".

### Issues/PRs references

This contributes to making #19289 usable with a minimum level of security. (That module fills up the gcoap buffer to the brim). While the module handles the verbosity as well as it can (occasionally admitting that it lost bytes of output), the previous verbosity produces an infinite stream of stdout data. (But the default should be quiet immaterial of that particular PR).

Co-authored-by: Martine Lenders <m.lenders@fu-berlin.de>
Co-authored-by: chrysn <chrysn@fsfe.org>
@bors
Copy link
Contributor

bors bot commented Mar 2, 2023

Build failed (retrying...):

@bors
Copy link
Contributor

bors bot commented Mar 2, 2023

Build succeeded:

@bors bors bot merged commit b062640 into RIOT-OS:master Mar 2, 2023
@MrKevinWeiss MrKevinWeiss added this to the Release 2023.04 milestone Apr 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Area: Kconfig Area: Kconfig integration Area: network Area: Networking Area: pkg Area: External package ports Area: sys Area: System CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Type: enhancement The issue suggests enhanceable parts / The PR enhances parts of the codebase / documentation
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants