source-git / gnutls

Clone
Source Code
GIT

Blame doc/dtls-api.texi

c8 c8s master
  1.   f47c576e67f97677f78f2ba07cdb999d40537816
  2.   doc
  3.   dtls-api.texi
Blob History Raw
Packit aea12f
Packit aea12f 
@subheading gnutls_dtls_cookie_send
Packit aea12f 
@anchor{gnutls_dtls_cookie_send}
Packit aea12f 
@deftypefun {int} {gnutls_dtls_cookie_send} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, gnutls_dtls_prestate_st * @var{prestate}, gnutls_transport_ptr_t @var{ptr}, gnutls_push_func @var{push_func})
Packit aea12f 
@var{key}: is a random key to be used at cookie generation
Packit aea12f
Packit aea12f 
@var{client_data}: contains data identifying the client (i.e. address)
Packit aea12f
Packit aea12f 
@var{client_data_size}: The size of client's data
Packit aea12f
Packit aea12f 
@var{prestate}: The previous cookie returned by @code{gnutls_dtls_cookie_verify()}
Packit aea12f
Packit aea12f 
@var{ptr}: A transport pointer to be used by  @code{push_func}
Packit aea12f
Packit aea12f 
@var{push_func}: A function that will be used to reply
Packit aea12f
Packit aea12f 
This function can be used to prevent denial of service
Packit aea12f 
attacks to a DTLS server by requiring the client to
Packit aea12f 
reply using a cookie sent by this function. That way
Packit aea12f 
it can be ensured that a client we allocated resources
Packit aea12f 
for (i.e. @code{gnutls_session_t} ) is the one that the
Packit aea12f 
original incoming packet was originated from.
Packit aea12f
Packit aea12f 
This function must be called at the first incoming packet,
Packit aea12f 
prior to allocating any resources and must be succeeded
Packit aea12f 
by @code{gnutls_dtls_cookie_verify()} .
Packit aea12f
Packit aea12f 
@strong{Returns:} the number of bytes sent, or a negative error code.
Packit aea12f
Packit aea12f 
@strong{Since:} 3.0
Packit aea12f 
@end deftypefun
Packit aea12f
Packit aea12f 
@subheading gnutls_dtls_cookie_verify
Packit aea12f 
@anchor{gnutls_dtls_cookie_verify}
Packit aea12f 
@deftypefun {int} {gnutls_dtls_cookie_verify} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, void * @var{_msg}, size_t @var{msg_size}, gnutls_dtls_prestate_st * @var{prestate})
Packit aea12f 
@var{key}: is a random key to be used at cookie generation
Packit aea12f
Packit aea12f 
@var{client_data}: contains data identifying the client (i.e. address)
Packit aea12f
Packit aea12f 
@var{client_data_size}: The size of client's data
Packit aea12f
Packit aea12f 
@var{_msg}: An incoming message that initiates a connection.
Packit aea12f
Packit aea12f 
@var{msg_size}: The size of the message.
Packit aea12f
Packit aea12f 
@var{prestate}: The cookie of this client.
Packit aea12f
Packit aea12f 
This function will verify the received message for
Packit aea12f 
a valid cookie. If a valid cookie is returned then
Packit aea12f 
it should be associated with the session using
Packit aea12f 
@code{gnutls_dtls_prestate_set()} ;
Packit aea12f
Packit aea12f 
This function must be called after @code{gnutls_dtls_cookie_send()} .
Packit aea12f
Packit aea12f 
@strong{Returns:} @code{GNUTLS_E_SUCCESS}  (0) on success, or a negative error code.
Packit aea12f
Packit aea12f 
@strong{Since:} 3.0
Packit aea12f 
@end deftypefun
Packit aea12f
Packit aea12f 
@subheading gnutls_dtls_get_data_mtu
Packit aea12f 
@anchor{gnutls_dtls_get_data_mtu}
Packit aea12f 
@deftypefun {unsigned int} {gnutls_dtls_get_data_mtu} (gnutls_session_t @var{session})
Packit aea12f 
@var{session}: is a @code{gnutls_session_t}  type.
Packit aea12f
Packit aea12f 
This function will return the actual maximum transfer unit for
Packit aea12f 
application data. I.e. DTLS headers are subtracted from the
Packit aea12f 
actual MTU which is set using @code{gnutls_dtls_set_mtu()} .
Packit aea12f
Packit aea12f 
@strong{Returns:} the maximum allowed transfer unit.
Packit aea12f
Packit aea12f 
@strong{Since:} 3.0
Packit aea12f 
@end deftypefun
Packit aea12f
Packit aea12f 
@subheading gnutls_dtls_get_mtu
Packit aea12f 
@anchor{gnutls_dtls_get_mtu}
Packit aea12f 
@deftypefun {unsigned int} {gnutls_dtls_get_mtu} (gnutls_session_t @var{session})
Packit aea12f 
@var{session}: is a @code{gnutls_session_t}  type.
Packit aea12f
Packit aea12f 
This function will return the MTU size as set with
Packit aea12f 
@code{gnutls_dtls_set_mtu()} . This is not the actual MTU
Packit aea12f 
of data you can transmit. Use @code{gnutls_dtls_get_data_mtu()}
Packit aea12f 
for that reason.
Packit aea12f
Packit aea12f 
@strong{Returns:} the set maximum transfer unit.
Packit aea12f
Packit aea12f 
@strong{Since:} 3.0
Packit aea12f 
@end deftypefun
Packit aea12f
Packit aea12f 
@subheading gnutls_dtls_get_timeout
Packit aea12f 
@anchor{gnutls_dtls_get_timeout}
Packit aea12f 
@deftypefun {unsigned int} {gnutls_dtls_get_timeout} (gnutls_session_t @var{session})
Packit aea12f 
@var{session}: is a @code{gnutls_session_t}  type.
Packit aea12f
Packit aea12f 
This function will return the milliseconds remaining
Packit aea12f 
for a retransmission of the previously sent handshake
Packit aea12f 
message. This function is useful when DTLS is used in
Packit aea12f 
non-blocking mode, to estimate when to call @code{gnutls_handshake()}
Packit aea12f 
if no packets have been received.
Packit aea12f
Packit aea12f 
@strong{Returns:} the remaining time in milliseconds.
Packit aea12f
Packit aea12f 
@strong{Since:} 3.0
Packit aea12f 
@end deftypefun
Packit aea12f
Packit aea12f 
@subheading gnutls_dtls_prestate_set
Packit aea12f 
@anchor{gnutls_dtls_prestate_set}
Packit aea12f 
@deftypefun {void} {gnutls_dtls_prestate_set} (gnutls_session_t @var{session}, gnutls_dtls_prestate_st * @var{prestate})
Packit aea12f 
@var{session}: a new session
Packit aea12f
Packit aea12f 
@var{prestate}: contains the client's prestate
Packit aea12f
Packit aea12f 
This function will associate the prestate acquired by
Packit aea12f 
the cookie authentication with the client, with the newly
Packit aea12f 
established session.
Packit aea12f
Packit aea12f 
This functions must be called after a successful @code{gnutls_dtls_cookie_verify()}
Packit aea12f 
and should be succeeded by the actual DTLS handshake using @code{gnutls_handshake()} .
Packit aea12f
Packit aea12f 
@strong{Since:} 3.0
Packit aea12f 
@end deftypefun
Packit aea12f
Packit aea12f 
@subheading gnutls_dtls_set_data_mtu
Packit aea12f 
@anchor{gnutls_dtls_set_data_mtu}
Packit aea12f 
@deftypefun {int} {gnutls_dtls_set_data_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu})
Packit aea12f 
@var{session}: is a @code{gnutls_session_t}  type.
Packit aea12f
Packit aea12f 
@var{mtu}: The maximum unencrypted transfer unit of the session
Packit aea12f
Packit aea12f 
This function will set the maximum size of the *unencrypted* records
Packit aea12f 
which will be sent over a DTLS session. It is equivalent to calculating
Packit aea12f 
the DTLS packet overhead with the current encryption parameters, and
Packit aea12f 
calling @code{gnutls_dtls_set_mtu()}  with that value. In particular, this means
Packit aea12f 
that you may need to call this function again after any negotiation or
Packit aea12f 
renegotiation, in order to ensure that the MTU is still sufficient to
Packit aea12f 
account for the new protocol overhead.
Packit aea12f
Packit aea12f 
In most cases you only need to call @code{gnutls_dtls_set_mtu()}  with
Packit aea12f 
the maximum MTU of your transport layer.
Packit aea12f
Packit aea12f 
@strong{Returns:} @code{GNUTLS_E_SUCCESS}  (0) on success, or a negative error code.
Packit aea12f
Packit aea12f 
@strong{Since:} 3.1
Packit aea12f 
@end deftypefun
Packit aea12f
Packit aea12f 
@subheading gnutls_dtls_set_mtu
Packit aea12f 
@anchor{gnutls_dtls_set_mtu}
Packit aea12f 
@deftypefun {void} {gnutls_dtls_set_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu})
Packit aea12f 
@var{session}: is a @code{gnutls_session_t}  type.
Packit aea12f
Packit aea12f 
@var{mtu}: The maximum transfer unit of the transport
Packit aea12f
Packit aea12f 
This function will set the maximum transfer unit of the transport
Packit aea12f 
that DTLS packets are sent over. Note that this should exclude
Packit aea12f 
the IP (or IPv6) and UDP headers. So for DTLS over IPv6 on an
Packit aea12f 
Ethernet device with MTU 1500, the DTLS MTU set with this function
Packit aea12f 
would be 1500 - 40 (IPV6 header) - 8 (UDP header) = 1452.
Packit aea12f
Packit aea12f 
@strong{Since:} 3.0
Packit aea12f 
@end deftypefun
Packit aea12f
Packit aea12f 
@subheading gnutls_dtls_set_timeouts
Packit aea12f 
@anchor{gnutls_dtls_set_timeouts}
Packit aea12f 
@deftypefun {void} {gnutls_dtls_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout})
Packit aea12f 
@var{session}: is a @code{gnutls_session_t}  type.
Packit aea12f
Packit aea12f 
@var{retrans_timeout}: The time at which a retransmission will occur in milliseconds
Packit aea12f
Packit aea12f 
@var{total_timeout}: The time at which the connection will be aborted, in milliseconds.
Packit aea12f
Packit aea12f 
This function will set the timeouts required for the DTLS handshake
Packit aea12f 
protocol. The retransmission timeout is the time after which a
Packit aea12f 
message from the peer is not received, the previous messages will
Packit aea12f 
be retransmitted. The total timeout is the time after which the
Packit aea12f 
handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} .
Packit aea12f
Packit aea12f 
The DTLS protocol recommends the values of 1 sec and 60 seconds
Packit aea12f 
respectively, and these are the default values.
Packit aea12f
Packit aea12f 
To disable retransmissions set a  @code{retrans_timeout} larger than the  @code{total_timeout} .
Packit aea12f
Packit aea12f 
@strong{Since:} 3.0
Packit aea12f 
@end deftypefun
Packit aea12f
Packit aea12f 
@subheading gnutls_record_get_discarded
Packit aea12f 
@anchor{gnutls_record_get_discarded}
Packit aea12f 
@deftypefun {unsigned int} {gnutls_record_get_discarded} (gnutls_session_t @var{session})
Packit aea12f 
@var{session}: is a @code{gnutls_session_t}  type.
Packit aea12f
Packit aea12f 
Returns the number of discarded packets in a
Packit aea12f 
DTLS connection.
Packit aea12f
Packit aea12f 
@strong{Returns:} The number of discarded packets.
Packit aea12f
Packit aea12f 
@strong{Since:} 3.0
Packit aea12f 
@end deftypefun
Packit aea12f

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation