[gnutls-devel] [gnutls-help] the problem about "stream usage" in dtls/sctp

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun May 14 09:43:21 CEST 2017

On Thu, 2017-05-11 at 23:26 +0800, Wei Cheng wrote:
> Hi, guys!
> I have read RFC 6083, which describes the usage of the Datagram
> Transport Layer Security (DTLS) protocol over the Stream Control
> Transmission Protocol (SCTP).
> "Stream usage" is as follows:
> 4.4.  Stream Usage
>    All DTLS messages of the ChangeCipherSpec, Alert, or Handshake
>    protocol MUST be transported on stream 0 with unlimited reliability
>    and with the ordered delivery feature.
>    DTLS messages of the ApplicationData protocol SHOULD use multiple
>    streams other than stream 0; they MAY use stream 0 for everything if
>    they do not care about minimizing head of line blocking.
> I wrote a push function like this:
> #include <stdio.h>
> #include <gnutls/gnutls.h>
> #include <netinet/sctp.h>
>
> /* Assumed: the post does not show this struct; it carries the SCTP socket. */
> typedef struct { int fd; } priv_data_st;
>
> static ssize_t push_func(gnutls_transport_ptr_t p, const void *data,
>                          size_t size)
> {
>     priv_data_st *priv = p;
>     int ret;
>
>     /* I send every message on stream #0 (stream_no argument is 0) */
>     ret = sctp_sendmsg(priv->fd, data, size, NULL, 0, 0, 0, 0, 0, 0);
>     if (ret < 0)
>         printf("failed to send msg\n");
>     else
>         printf("sent msg successfully in push\n");
>     return ret;
> }
> I use gnutls_transport_set_push_function to register my push
> function, so that all messages are sent by my push function.
> I want to send alert, handshake and changesuite on stream #0, while
> application data is sent on other streams.
> In the push function, all data is already encrypted,
> so how can I distinguish which kind of msg it is?
> How should I write my push function?
> I suspect that I am wrong in this part.

Given that you are in DTLS, the data you receive in the push function
are a complete record message. Thus you can check the ContentType field
of the record message (first byte) to determine the type.

The API however was designed for TCP/UDP and although there are a few
instructions at [1], I'm not happy with that. We need simpler functions
to handle SCTP. If you or anyone else has a good proposal for extending
gnutls (new push/pull functions and/or a wrapper for
gnutls_transport_set_fastopen) for it I'd say go for it and open a
merge request. There was an example for TLS over SCTP several years
ago, but we most likely need a much simpler version of it for DTLS.

[0]. https://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00009.html
[1]. https://www.gnutls.org/manual/html_node/DTLS-and-SCTP.html
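To make the ContentType check above concrete, here is an added example (not code from this thread or from gnutls) of a push function that reads the first byte of each DTLS record in the buffer and picks the SCTP stream accordingly. It assumes stream 1 for application data, a hypothetical send hook in place of sctp_sendmsg so it runs without libsctp, and a constructed two-record datagram as sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
/* DTLS record ContentType values (RFC 5246 6.2.1; DTLS reuses them). */
enum { CT_CHANGE_CIPHER_SPEC = 20, CT_ALERT = 21, CT_HANDSHAKE = 22, CT_APPLICATION_DATA = 23 };
#define DTLS_RECORD_HDR 13  /* type(1) version(2) epoch(2) sequence(6) length(2) */
#define DATA_STREAM 1       /* assumed SCTP stream for application data */
/* Walk the DTLS record(s) in buf and return the SCTP stream they belong on:
 * 0 for ChangeCipherSpec/Alert/Handshake (RFC 6083 4.4), DATA_STREAM for
 * ApplicationData, -1 if the buffer is malformed (truncated header, length
 * field past the end, unknown ContentType). A datagram mixing control and
 * application records goes to stream 0: control records never leave it. */
int dtls_choose_stream(const unsigned char *buf, size_t len)
{
    int stream = -1;
    for (size_t off = 0; off < len;) {
        if (len - off < DTLS_RECORD_HDR) return -1;
        size_t body = ((size_t)buf[off + 11] << 8) | buf[off + 12];
        if (body > len - off - DTLS_RECORD_HDR) return -1;
        int s;
        switch (buf[off]) {
        case CT_CHANGE_CIPHER_SPEC: case CT_ALERT: case CT_HANDSHAKE: s = 0; break;
        case CT_APPLICATION_DATA: s = DATA_STREAM; break;
        default: return -1;
        }
        if (stream == -1 || s == 0) stream = s;
        off += DTLS_RECORD_HDR + body;
    }
    return stream;
}
/* Hypothetical send hook so the push function runs without libsctp; in real
 * code it wraps sctp_sendmsg(fd, data, len, NULL, 0, 0, 0, stream, 0, 0). */
typedef ssize_t (*sctp_send_fn)(int fd, const void *data, size_t len, uint16_t stream);
typedef struct { int fd; sctp_send_fn send; } priv_data_st;
/* Same shape as a gnutls push function (gnutls_transport_ptr_t is a void *). */
ssize_t push_func(void *p, const void *data, size_t size)
{
    priv_data_st *priv = p;
    int stream = dtls_choose_stream(data, size);
    if (stream < 0) return -1;  /* real code: also gnutls_transport_set_errno(session, EINVAL) */
    return priv->send(priv->fd, data, size, (uint16_t)stream);
}
/* Constructed sample datagram: 1-byte ApplicationData record (14 bytes), then 2-byte Handshake record (15 bytes). */
static const unsigned char SAMPLE[] = {23,0xfe,0xfd, 0,1, 0,0,0,0,0,7, 0,1, 0xcc,
                                       22,0xfe,0xfd, 0,0, 0,0,0,0,0,1, 0,2, 0xaa,0xbb};
static uint16_t last_stream;  /* stream chosen by push_func, recorded by the test hook */
static ssize_t fake_send(int fd, const void *d, size_t len, uint16_t s)
{ (void)fd; (void)d; last_stream = s; return (ssize_t)len; }
static priv_data_st sample_priv = { 3, fake_send };
```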
