[openssl-users] DTLS fragmentation and mem BIO

Fri Jun 5 18:42:08 UTC 2015

2015-06-05 20:18 GMT+02:00 Matt Caswell <matt at openssl.org>:

>
> I see you got it working! Just some comments below
>
> On 05/06/15 12:34, Lorenzo Miniero wrote:
> > I've started looking into filters and I have some doubts, though, also
> > taking into account what you suggested, and I apologize again if this
> > turns out to be silly. As far as I've understood, what I should do is
> > changing the current pattern I use for outgoing packets:
> >
> >       application < memBIO < ssl
> >
> > to something like this:
> >
> >       application < memBIO < filter < ssl
> >
> > or this:
> >
> >       application < filter < memBIO < ssl
> >
> > that is, a new BIO filter that enforces the fragmentation I talked
> > about. Not exactly sure about which one should be the way to go, but
> > I've given this some thought.
>
> I took a very brief look at your code and I see you went with the first
> option. That's fine, although I would have done it slightly differently:
>
> application <--   -- ssl
>               |   |
>               |   V
>               filter
>               ^   V
>               memBIO
>
> i.e. the filter does all the reading and writing to the memBIO. libssl
> calls BIO_write(), the filter takes note of the packet sizes, and then
> writes to the membBIO. When the application wants to read data it calls
> BIO_read on the filter, and the filter figures out how big the packet
> needs to be and reads that amount out of the memBIO. Your way works too
> though.
>
> Matt
>

Ah I didn't know that was an option: I'm quite unfamiliar with how BIO
filters worked, and so I just went with what made sense to me while
experimenting with them. I'll try doing something along the lines you
suggested as soon as I have some time, thanks!

Lorenzo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150605/c1dfd184/attachment-0001.html>