-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pkg/tinydtls: Adjust defaults #19331
Conversation
97b428f
to
8e3a266
Compare
I've added a third change: The default number of DTLS sessions is raised from 1 to 2. As long as this is 1 and Gcoap is used (OK, maybe we'd limit the default to 2 for gcoap), long-running DTLS sessions are impossible otherwise -- and the DTLS handshake is relatively heavy in terms of traffic and energy. [edit: conditionally on using GCOAP_DTLS, see #19331 (comment) ] |
72da1ff
to
f0e68aa
Compare
The peer-max thing is not catching it without Kconfig, as that parameter (while defined with a default in dtls.h) needs to be passed through the Makefile to take effect ... ugh. Let's see if I can fix that. |
Can I squash? (I'd reduce to three commits for the individual topics). |
42905b4
to
9e48b6e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK, trusting your testing and mostly this should be problematic in compilation :-).
bors merge |
🕐 Waiting for PR status (GitHub check) to be set, probably by CI. Bors will automatically try to run when all required PR statuses are set. |
bors cancel |
🕐 Waiting for PR status (GitHub check) to be set, probably by CI. Bors will automatically try to run when all required PR statuses are set. |
Ah, Murdock did not rerun yet (but is also not shown in the statuses for some reason...) |
bors merge |
bors cancel |
Canceled. |
16158: gnrc_sixlowpan_frag_sfr_congure_sfr: initial import r=miri64 a=miri64 19331: pkg/tinydtls: Adjust defaults r=miri64 a=chrysn ### Contribution description This adjusts two defaults in tinydtls: * Default verbosity is set to warning. At the info level, this module produces way more output (several lines per new connection, and even per message) than is common in RIOT. * If gcoap is used, the buffer size is adjusted to the gcoap buffer size plus overhead. Otherwise, CoAP-over-DTLS works fine until one happens to request larger resources. ### Testing procedure * Run examples/gcoap_dtls * Send a CoAP request from outside, eg. with `aiocoap-client 'coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/.well-known/core' --credentials testserver.json` (where testserver.json is `{"coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/*": {"dtls": {"psk": {"ascii": "secretPSK"}, "client-identity": {"ascii": "Client_identity"}}}}`). Before, there are messages shown for every request; now there are none. Modify `examples/gcoap/server.c` as follows: ```patch diff --git a/examples/gcoap/server.c b/examples/gcoap/server.c index bf2315cd01..28e1faac27 100644 --- a/examples/gcoap/server.c +++ b/examples/gcoap/server.c `@@` -68,7 +68,7 `@@` static const coap_resource_t _resources[] = { }; static const char *_link_params[] = { - ";ct=0;rt=\"count\";obs", + ";ct=0;rt=\"count\";obs;looooooooooooooooooooooong-attribute=\"loooooooooooooooooooooooooooooong\"", NULL }; ``` The request passes; without this patch, it is stuck in retransmissions until "Network error: Retransmissions exceeded". ### Issues/PRs references This contributes to making #19289 usable with a minimum level of security. (That module fills up the gcoap buffer to the brim). While the module handles the verbosity as well as it can (occasionally admitting that it lost bytes of output), the previous verbosity produces an infinite stream of stdout data. (But the default should be quiet immaterial of that particular PR). Co-authored-by: Martine Lenders <m.lenders@fu-berlin.de> Co-authored-by: chrysn <chrysn@fsfe.org>
Build failed (retrying...): |
pkg/tinydtls/Makefile.include
Outdated
# TinyDTLS emits several messages during connection establishment at the info | ||
# level; this is way more verbose than common in RIOT. | ||
TINYDTLS_LOG_LEVEL ?= LOG_WARNING | ||
CFLAGS += -DLOG_LEVEL=$(TINYDTLS_LOG_LEVEL) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You might have to set this on the pkg Makefile
instead so it’s only set for this pkg
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, thanks.
bors cancel
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've moved all newly introduced sections from Makefile.include to Makefile (affecting default verbosity and buffer size selection).
Running the tests again confirms that both are still picked up (ie. the relevant information about the gcoap module is also around there).
Canceled. |
9e48b6e
to
f2d5928
Compare
bors merge |
19331: pkg/tinydtls: Adjust defaults r=benpicco a=chrysn ### Contribution description This adjusts two defaults in tinydtls: * Default verbosity is set to warning. At the info level, this module produces way more output (several lines per new connection, and even per message) than is common in RIOT. * If gcoap is used, the buffer size is adjusted to the gcoap buffer size plus overhead. Otherwise, CoAP-over-DTLS works fine until one happens to request larger resources. ### Testing procedure * Run examples/gcoap_dtls * Send a CoAP request from outside, eg. with `aiocoap-client 'coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/.well-known/core' --credentials testserver.json` (where testserver.json is `{"coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/*": {"dtls": {"psk": {"ascii": "secretPSK"}, "client-identity": {"ascii": "Client_identity"}}}}`). Before, there are messages shown for every request; now there are none. Modify `examples/gcoap/server.c` as follows: ```patch diff --git a/examples/gcoap/server.c b/examples/gcoap/server.c index bf2315cd01..28e1faac27 100644 --- a/examples/gcoap/server.c +++ b/examples/gcoap/server.c `@@` -68,7 +68,7 `@@` static const coap_resource_t _resources[] = { }; static const char *_link_params[] = { - ";ct=0;rt=\"count\";obs", + ";ct=0;rt=\"count\";obs;looooooooooooooooooooooong-attribute=\"loooooooooooooooooooooooooooooong\"", NULL }; ``` The request passes; without this patch, it is stuck in retransmissions until "Network error: Retransmissions exceeded". ### Issues/PRs references This contributes to making #19289 usable with a minimum level of security. (That module fills up the gcoap buffer to the brim). While the module handles the verbosity as well as it can (occasionally admitting that it lost bytes of output), the previous verbosity produces an infinite stream of stdout data. (But the default should be quiet immaterial of that particular PR). Co-authored-by: chrysn <chrysn@fsfe.org>
bors cancel |
Canceled. |
18515: libschc: initial import as package r=miri64 a=miri64 19331: pkg/tinydtls: Adjust defaults r=miri64 a=chrysn ### Contribution description This adjusts two defaults in tinydtls: * Default verbosity is set to warning. At the info level, this module produces way more output (several lines per new connection, and even per message) than is common in RIOT. * If gcoap is used, the buffer size is adjusted to the gcoap buffer size plus overhead. Otherwise, CoAP-over-DTLS works fine until one happens to request larger resources. ### Testing procedure * Run examples/gcoap_dtls * Send a CoAP request from outside, eg. with `aiocoap-client 'coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/.well-known/core' --credentials testserver.json` (where testserver.json is `{"coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/*": {"dtls": {"psk": {"ascii": "secretPSK"}, "client-identity": {"ascii": "Client_identity"}}}}`). Before, there are messages shown for every request; now there are none. Modify `examples/gcoap/server.c` as follows: ```patch diff --git a/examples/gcoap/server.c b/examples/gcoap/server.c index bf2315cd01..28e1faac27 100644 --- a/examples/gcoap/server.c +++ b/examples/gcoap/server.c `@@` -68,7 +68,7 `@@` static const coap_resource_t _resources[] = { }; static const char *_link_params[] = { - ";ct=0;rt=\"count\";obs", + ";ct=0;rt=\"count\";obs;looooooooooooooooooooooong-attribute=\"loooooooooooooooooooooooooooooong\"", NULL }; ``` The request passes; without this patch, it is stuck in retransmissions until "Network error: Retransmissions exceeded". ### Issues/PRs references This contributes to making #19289 usable with a minimum level of security. (That module fills up the gcoap buffer to the brim). While the module handles the verbosity as well as it can (occasionally admitting that it lost bytes of output), the previous verbosity produces an infinite stream of stdout data. (But the default should be quiet immaterial of that particular PR). Co-authored-by: Martine Lenders <m.lenders@fu-berlin.de> Co-authored-by: chrysn <chrysn@fsfe.org>
Build failed (retrying...): |
Build succeeded: |
Contribution description
This adjusts two defaults in tinydtls:
Testing procedure
aiocoap-client 'coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/.well-known/core' --credentials testserver.json
(where testserver.json is{"coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/*": {"dtls": {"psk": {"ascii": "secretPSK"}, "client-identity": {"ascii": "Client_identity"}}}}
).Before, there are messages shown for every request; now there are none.
Modify
examples/gcoap/server.c
as follows:The request passes; without this patch, it is stuck in retransmissions until "Network error: Retransmissions exceeded".
Issues/PRs references
This contributes to making #19289 usable with a minimum level of security. (That module fills up the gcoap buffer to the brim). While the module handles the verbosity as well as it can (occasionally admitting that it lost bytes of output), the previous verbosity produces an infinite stream of stdout data. (But the default should be quiet immaterial of that particular PR).