Improving TinyDTLS package and dtls-echo example #7615
Conversation
|
@tobhe could you maybe have a look at this to maybe? |
miri64
added
Area: network
|
Sure, I'm gonna have a look at it |
|
@rfuentess I'm on your side with the macro functions for dynamic allocations. As far as I can see the allocations we are talking about are the For the upstream repository I guess the least complex solution would be to provide one or more platform.h files containing not only constants but also platform specific function definitions, similar to micro-ecc's platform-specific.inc, as our function signatures will not differ from contiki or *nix. However, I guess it all just depends how the tinyDTLS maintainers want to solve this. About the PR itself: which gcc version have you been testing with? I'm getting a lot of implicit fallthrough warnings (which are enabled by default in GCC 7) building tinydtls: I propose adding a |
|
Thanks by the feedback @tobhe !
Yes, this brings me a next question that it has been on my mind for a while, this adaptation should be used only for tinyDTLS or should be a PR by itself? Maybe another application can benefit from it.
uh, it's seems that I'm falling behind as I'm using GCC 4.9.2 for Debian. For now, I'm going to add the |
It should be possbile to disable it in the uthash.h file only, using
I think this should be it's own PR and it's own module, as it is surely at least as useful as |
|
During the RIOT summit, there was a nice reminder of security issues with tinyDTLS (0.8.2 and 0.8.6), that were previously mentioned in different conversations but were left out of this PR. Probably, the most relevant one is the current use of PRNG as the one used by tinyDTLS is just an (non-secure) example. Therefore, I need to integrate the one from RIOT to tinyDTLS. |
As the current random api only allows to generate 32 bit random blocks, #7390 might be interesting for this |
|
@rfuentess I added a PR (#7651) for a static memory pool allocater which could be used to replace malloc |
rfuentess
force-pushed
the
dtls_upgrade
branch
from
63edee3 to
7fe7ffa
Compare
|
I just made a rebase in the PR for updating to the last release of RIOT. Also, now tinydtls is making use of @tobhe's memarray module (PR #7651). In native this is working wonderfully. However, there is an issue for communicating with nodes outside the 6LoWPAN. This is happening in the lasts steps of negotiation as the external nodes are sending keys and masters bigger than the one expected by the sensors. But for now, I'm putting my efforts in seeking to remove the There is also a memory leak happening with So, in resume, those are the next steps:
|
|
I'm still facing some issues with memory leaks (which may or not may be related to the one I already know). Located the hardfault when the main thread is not artificially increased.Good news: I located the issues (there were 2). One is fixed. Therefore, the Makefile line increasing the size of Fix the issue for scenarios with external nodesIdentified, and fixed. This also is reported to the main tinyDTLS repository as it was affecting Contiki implementations. |
This is an issue more hard to resolve than I thought originally. And, probably is the reason behind the pseudo-process used by Contiki (which in turn never erase the dtls context). One or more resources are not being released correctly by |
|
I'm going to rebase this tomorrow. For now, I'm able to create and close as much DTLS channels as I want with PSK or RPK (tested with Fix the memory leak of dtls_free_context()The memory leak remains for now. It's not that easy to remove it and the team of tinyDTLS want to analyze it better before applying an official patch. |
rfuentess
force-pushed
the
dtls_upgrade
branch
2 times, most recently
from
451239c to
8696c5e
Compare
rfuentess
changed the title
|
And finally, the WIP status is not anymore required!. I edited the OP. I'm leaving the commits affecting @MichelRottleuthner can you give it a look? :) Also, Is it possible to add the flag |
|
please rebase
sure, but on which PR does this one wait? |
smlng
added
the
State: waiting for other PR
|
@smlng it uses the memory block allocator in #7651, i suppose that's what @rfuentess meant |
|
As briefly discussed offline with @smlng, I'll wait for #7651 to be merged into master before making a rebase.
Yes, exactly! I should had been more clearly, sorry. |
|
At this moment, there is a testing branch (for RIOT) on the official tinydtls repository (Thanks @obgm !) :) git clone -b riot-support git://git.eclipse.org/gitroot/tinydtls/org.eclipse.tinydtls.gitIt's already tested with this PR for native, iotlab-m3, iotlab-a8-m3, samr21-xpro and partially with openmote-cc2538. So, this is the current plan:
|
|
Starting the next month is going to be hard for me to test this PR on real hardware. Therefore, it is possible to merge it for the next release? |
|
Ping @MichelRottleuthner, @aabadie. |
|
I had no time to do a proper review and just did a quick test. On native everything works as expected. On real hardware I ran into problems related to the delay parameter. If it's too small the example won't work with DTLS_ECC enabled. |
Actually, I left the timer exposed intentionally. I think this would be particularly useful to users who have different types of hardware for making performance tests. Particularly with ECC which requires around 10 seconds if all the encryption/decryption is made by software.
For 'try_send' both my RIOT client example and the default Linux client have a similar behavior. They send the upper layer data by means of dtls_write(). However, I just noticed that the description of my 'try_send' is wrong. I'll fix this. In the case of
Yes, this is true. But, because I was writing an example, I wanted to make easy the comparison between client and server instead of having a common source file for both of them. |
I don't get how the timer makes it easier to make performance tests? If I measure performance I want to measure time spent doing calcuation, sending data and son on - not the time spent (unconditionally)waiting. |
Probably it was only useful for me due that I was testing the minimum delay that I could implement. For other scenario probably is just redundant and adding complexity. Fair enough, I'll make use of
It is not ideal to just wait for an answer in the handshake process because it's not uncommon that one or more messages got lost. Also, the tinyDTLS retransmission of lost DTLS records is kind of broken on 802.15.4 and I had to put it at a minimum. This is on the TODO list for tinyDTLS but far below of the memory improvement, and both of them are for future PRs. If I don't use the timeout and the handshake fails after the second flight I'm forced to restart the other side as well. With this timeout, the node eventually sends a DTLS Alert record to the other peer, saving me some seconds between tests. |
|
Though, alternatively, I could add the delay directly into sock_udp_recv() and not with a xtimer at the end of the loop. |
|
@MichelRottleuthner, Comments addressed :) |
examples/dtls-echo/Makefile
Outdated
| USEMODULE += gnrc_udp | ||
| # Add a routing protocol | ||
| USEMODULE += gnrc_sock_udp | ||
| # Add a routing protocol (optional) |
There was a problem hiding this comment.
can you please remove any module not needed for the dtls example? IHMO, gnrc_rpl and icmpv6_echo are not required, even ps os not mandatory. Also I would simply use gnrc_ipv6_default instead of _router_default.
Keep it simple, if somebody wants to use multi-hop networking and run dtls over it, fine but I guess then they can also extend and add modules as needed.
pkg/tinydtls/Makefile.dep
Outdated
| @@ -1,9 +1,41 @@ | |||
| ifneq (,$(filter tinydtls,$(USEPKG))) | |||
| USEMODULE += tinydtls | |||
|
|
|||
| # Mandatory for tinyDTLS | |||
| CFLAGS += -DDTLSv12 -DWITH_SHA256 | |||
There was a problem hiding this comment.
IMHO all of these CFLAGS modification should go into pkg/tinydtls/Makefile.include or even in the pkg/tinydtls/Makefile, the .dep should only describe module dependencies.
|
@smlng , Comments addressed |
|
Are all comments addressed here? |
|
From my side, I believe that yes.
Le ven. 29 juin 2018 à 18:16, Francisco Acosta <[email protected]> a
écrit :
… Are all comments addressed here?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#7615 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AKv_kSR9S9TqXcdtByq6soRob6cphpcQks5uBlLAgaJpZM4PbFS9>
.
|
kYc0o
added
the
CI: ready for build
|
@aabadie @smlng changes ok? @rfuentess there are still some murdock errors |
|
@MichelRottleuthner can you please re-test and approve when good? Though I see lots of room for improving the code, eg. deduplication and structure, I think this PR already goes into the right direction. Let's get this in and work on it in followup PRs. @rfuentess after @MichelRottleuthner ACK please squash as needed and make Murdock happy 😄 |
|
@MichelRottleuthner is OK if I a do squash now? |
|
sure, go ahead |
The integration of TinyDTLS for RIOT has been merged into the development branch of the official repository. It will be officially available on the master branch in the next release of tinyDTLS. Other minor updates: - Support for the RIOT's memarray - tinydtls/sha2 is removed from the compilation for giving priority to RIOT's sha2 functions.
Due to all the changes, this is basically a new version for this example. The main benefit is the use of sock_udp but also the client side is now more robust and reliable. The parameters required for the PSK and ECC (e.g. keys) modes are moved to an unique header.
|
ping @aabadie |
|
🎉 congrats @rfuentess - thx @MichelRottleuthner for testing! |
This PR is the first of a series of PRs for addressing the work with tinyDTLS (See RFC).
This PR upgrade the following:
pkg/tinydtls: Upgrades to the current version of tinyDTLS (0.8.6) and simplifies the user requirements for the application's makefile.example/dtls-echo: Switches to the use of socks, increases the stability and also add a feature for testing CoAP Secure servers (or any other service running over DLTS).Work in progress
[December: Not anymore WIP]
The following issues are the reason this is marked as WIP.Dynamic memory
As stated previously in the RFC, one of the major issues with tinyDTLS and RIOT is the handling of the memory required for the data structures of the former. Right now, I'm using the original code which uses malloc/free functions. Yet, this is far from optimal for RIOT.
The testings with the
iotlab-m3andiotlab-a8-m3is OK, but with the price of inflating the stack size of the main thread. In a similar fashion, the testings forsamr21-xprocan handle the client side of DTLS, yet is suffering from overflow from the server side.I'm thinking of using macro functions with static arrays for replacing the calls of malloc/free. Yet, this is a very general problem for many applications, so, I would like the opinion of others before to proceed with this.Official repository
This is a minor issue, my current branch of tinyDTLS is ready to merge with the official branch. Yet, we are not sure of how integrating it without making more complex it for other platforms.
If not viable solutions are achieved here, I'm going to change the approach used forpkg/tinydtlsby using the official repository and a series of patches for when the package is called.Issues/PRs references
This PR depends on PR
#7651