|
Packit |
549fdc |
|
|
Packit |
549fdc |
@subheading gnutls_dtls_cookie_send
|
|
Packit |
549fdc |
@anchor{gnutls_dtls_cookie_send}
|
|
Packit |
549fdc |
@deftypefun {int} {gnutls_dtls_cookie_send} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, gnutls_dtls_prestate_st * @var{prestate}, gnutls_transport_ptr_t @var{ptr}, gnutls_push_func @var{push_func})
|
|
Packit |
549fdc |
@var{key}: is a random key to be used at cookie generation
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{client_data}: contains data identifying the client (i.e. address)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{client_data_size}: The size of client's data
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{prestate}: The previous cookie returned by @code{gnutls_dtls_cookie_verify()}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{ptr}: A transport pointer to be used by @code{push_func}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{push_func}: A function that will be used to reply
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function can be used to prevent denial of service
|
|
Packit |
549fdc |
attacks to a DTLS server by requiring the client to
|
|
Packit |
549fdc |
reply using a cookie sent by this function. That way
|
|
Packit |
549fdc |
it can be ensured that a client we allocated resources
|
|
Packit |
549fdc |
for (i.e. @code{gnutls_session_t} ) is the one that the
|
|
Packit |
549fdc |
original incoming packet was originated from.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function must be called at the first incoming packet,
|
|
Packit |
549fdc |
prior to allocating any resources and must be succeeded
|
|
Packit |
549fdc |
by @code{gnutls_dtls_cookie_verify()} .
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Returns:} the number of bytes sent, or a negative error code.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 3.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@subheading gnutls_dtls_cookie_verify
|
|
Packit |
549fdc |
@anchor{gnutls_dtls_cookie_verify}
|
|
Packit |
549fdc |
@deftypefun {int} {gnutls_dtls_cookie_verify} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, void * @var{_msg}, size_t @var{msg_size}, gnutls_dtls_prestate_st * @var{prestate})
|
|
Packit |
549fdc |
@var{key}: is a random key to be used at cookie generation
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{client_data}: contains data identifying the client (i.e. address)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{client_data_size}: The size of client's data
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{_msg}: An incoming message that initiates a connection.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{msg_size}: The size of the message.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{prestate}: The cookie of this client.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function will verify the received message for
|
|
Packit |
549fdc |
a valid cookie. If a valid cookie is returned then
|
|
Packit |
549fdc |
it should be associated with the session using
|
|
Packit |
549fdc |
@code{gnutls_dtls_prestate_set()} ;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function must be called after @code{gnutls_dtls_cookie_send()} .
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 3.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@subheading gnutls_dtls_get_data_mtu
|
|
Packit |
549fdc |
@anchor{gnutls_dtls_get_data_mtu}
|
|
Packit |
549fdc |
@deftypefun {unsigned int} {gnutls_dtls_get_data_mtu} (gnutls_session_t @var{session})
|
|
Packit |
549fdc |
@var{session}: is a @code{gnutls_session_t} type.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function will return the actual maximum transfer unit for
|
|
Packit |
549fdc |
application data. I.e. DTLS headers are subtracted from the
|
|
Packit |
549fdc |
actual MTU which is set using @code{gnutls_dtls_set_mtu()} .
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Returns:} the maximum allowed transfer unit.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 3.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@subheading gnutls_dtls_get_mtu
|
|
Packit |
549fdc |
@anchor{gnutls_dtls_get_mtu}
|
|
Packit |
549fdc |
@deftypefun {unsigned int} {gnutls_dtls_get_mtu} (gnutls_session_t @var{session})
|
|
Packit |
549fdc |
@var{session}: is a @code{gnutls_session_t} type.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function will return the MTU size as set with
|
|
Packit |
549fdc |
@code{gnutls_dtls_set_mtu()} . This is not the actual MTU
|
|
Packit |
549fdc |
of data you can transmit. Use @code{gnutls_dtls_get_data_mtu()}
|
|
Packit |
549fdc |
for that reason.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Returns:} the set maximum transfer unit.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 3.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@subheading gnutls_dtls_get_timeout
|
|
Packit |
549fdc |
@anchor{gnutls_dtls_get_timeout}
|
|
Packit |
549fdc |
@deftypefun {unsigned int} {gnutls_dtls_get_timeout} (gnutls_session_t @var{session})
|
|
Packit |
549fdc |
@var{session}: is a @code{gnutls_session_t} type.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function will return the milliseconds remaining
|
|
Packit |
549fdc |
for a retransmission of the previously sent handshake
|
|
Packit |
549fdc |
message. This function is useful when DTLS is used in
|
|
Packit |
549fdc |
non-blocking mode, to estimate when to call @code{gnutls_handshake()}
|
|
Packit |
549fdc |
if no packets have been received.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Returns:} the remaining time in milliseconds.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 3.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@subheading gnutls_dtls_prestate_set
|
|
Packit |
549fdc |
@anchor{gnutls_dtls_prestate_set}
|
|
Packit |
549fdc |
@deftypefun {void} {gnutls_dtls_prestate_set} (gnutls_session_t @var{session}, gnutls_dtls_prestate_st * @var{prestate})
|
|
Packit |
549fdc |
@var{session}: a new session
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{prestate}: contains the client's prestate
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function will associate the prestate acquired by
|
|
Packit |
549fdc |
the cookie authentication with the client, with the newly
|
|
Packit |
549fdc |
established session.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This functions must be called after a successful @code{gnutls_dtls_cookie_verify()}
|
|
Packit |
549fdc |
and should be succeeded by the actual DTLS handshake using @code{gnutls_handshake()} .
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 3.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@subheading gnutls_dtls_set_data_mtu
|
|
Packit |
549fdc |
@anchor{gnutls_dtls_set_data_mtu}
|
|
Packit |
549fdc |
@deftypefun {int} {gnutls_dtls_set_data_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu})
|
|
Packit |
549fdc |
@var{session}: is a @code{gnutls_session_t} type.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{mtu}: The maximum unencrypted transfer unit of the session
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function will set the maximum size of the *unencrypted* records
|
|
Packit |
549fdc |
which will be sent over a DTLS session. It is equivalent to calculating
|
|
Packit |
549fdc |
the DTLS packet overhead with the current encryption parameters, and
|
|
Packit |
549fdc |
calling @code{gnutls_dtls_set_mtu()} with that value. In particular, this means
|
|
Packit |
549fdc |
that you may need to call this function again after any negotiation or
|
|
Packit |
549fdc |
renegotiation, in order to ensure that the MTU is still sufficient to
|
|
Packit |
549fdc |
account for the new protocol overhead.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
In most cases you only need to call @code{gnutls_dtls_set_mtu()} with
|
|
Packit |
549fdc |
the maximum MTU of your transport layer.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 3.1
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@subheading gnutls_dtls_set_mtu
|
|
Packit |
549fdc |
@anchor{gnutls_dtls_set_mtu}
|
|
Packit |
549fdc |
@deftypefun {void} {gnutls_dtls_set_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu})
|
|
Packit |
549fdc |
@var{session}: is a @code{gnutls_session_t} type.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{mtu}: The maximum transfer unit of the transport
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function will set the maximum transfer unit of the transport
|
|
Packit |
549fdc |
that DTLS packets are sent over. Note that this should exclude
|
|
Packit |
549fdc |
the IP (or IPv6) and UDP headers. So for DTLS over IPv6 on an
|
|
Packit |
549fdc |
Ethernet device with MTU 1500, the DTLS MTU set with this function
|
|
Packit |
549fdc |
would be 1500 - 40 (IPV6 header) - 8 (UDP header) = 1452.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 3.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@subheading gnutls_dtls_set_timeouts
|
|
Packit |
549fdc |
@anchor{gnutls_dtls_set_timeouts}
|
|
Packit |
549fdc |
@deftypefun {void} {gnutls_dtls_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout})
|
|
Packit |
549fdc |
@var{session}: is a @code{gnutls_session_t} type.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{retrans_timeout}: The time at which a retransmission will occur in milliseconds
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@var{total_timeout}: The time at which the connection will be aborted, in milliseconds.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
This function will set the timeouts required for the DTLS handshake
|
|
Packit |
549fdc |
protocol. The retransmission timeout is the time after which a
|
|
Packit |
549fdc |
message from the peer is not received, the previous messages will
|
|
Packit |
549fdc |
be retransmitted. The total timeout is the time after which the
|
|
Packit |
549fdc |
handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} .
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
The DTLS protocol recommends the values of 1 sec and 60 seconds
|
|
Packit |
549fdc |
respectively, and these are the default values.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
To disable retransmissions set a @code{retrans_timeout} larger than the @code{total_timeout} .
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 3.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@subheading gnutls_record_get_discarded
|
|
Packit |
549fdc |
@anchor{gnutls_record_get_discarded}
|
|
Packit |
549fdc |
@deftypefun {unsigned int} {gnutls_record_get_discarded} (gnutls_session_t @var{session})
|
|
Packit |
549fdc |
@var{session}: is a @code{gnutls_session_t} type.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
Returns the number of discarded packets in a
|
|
Packit |
549fdc |
DTLS connection.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Returns:} The number of discarded packets.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 3.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|