DTLS for SCTP connections

mahesh gs
Hi,

We have client and server applications that are using SCTP as a transport protocol. We have to secure the connections using DTLS. I am using OpenSSL version 1.0.2, which supports DTLS. But the problem I am facing is the usage of the DTLS SCTP-related APIs. The OpenSSL documentation does not clearly explain all the SCTP-related APIs and their usage sequence.

I have tried going through the internet and found that most of the sites redirect to one link for SCTP DTLS sample code. But this link is not working.


If any of you has sample code of a DTLS adaptation for SCTP, it would immensely help me in my work.

Looking forward to your valuable inputs.

Thanks,
Mahesh G S

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: DTLS for SCTP connections

Michael Tuexen-4
> On 21 Feb 2017, at 09:53, mahesh gs <[hidden email]> wrote:
>
> Hi,
>
> We have client and server applications that are using SCTP as a transport protocol. We have to secure the connections using DTLS. I am using OpenSSL version 1.0.2, which supports DTLS. But the problem I am facing is the usage of the DTLS SCTP-related APIs. The OpenSSL documentation does not clearly explain all the SCTP-related APIs and their usage sequence.
>
> I have tried going through the internet and found that most of the sites redirect to one link for SCTP DTLS sample code. But this link is not working.
>
> http://sctp.fh-muenster.de/dtls-samples.html
Try
http://web.archive.org/web/20150617012520/http://sctp.fh-muenster.de/dtls-samples.html
and yes, we need to bring the machine up again.

Best regards
Michael

>
> If any of you has sample code of a DTLS adaptation for SCTP, it would immensely help me in my work.
>
> Looking forward to your valuable inputs.
>
> Thanks,
> Mahesh G S

Re: DTLS for SCTP connections

mahesh gs
Hi,

Thank you for sharing the sample code.

I tried running the SCTP DTLS echo server and client. I am facing a strange problem: "ssl_connect" hangs on the client side, and even "ssl_accept" hangs on the server side.

Client side back trace

(gdb) bt
#0  0x0000003db4c0ea10 in __recvmsg_nocancel () from /lib64/libpthread.so.0
#1  0x00007ffff7a64dc5 in dgram_sctp_read (b=0x6223f0, out=0x629073 "\026\376\377", outl=17741) at bss_dgram.c:1178
#2  0x00007ffff7a597a9 in BIO_read (b=0x6223f0, out=0x629073, outl=17741) at bio_lib.c:210
#3  0x00007ffff7db80e4 in ssl3_read_n (s=0x622c70, n=13, max=17741, extend=<value optimized out>) at s3_pkt.c:258
#4  0x00007ffff7dcaf75 in dtls1_get_record (s=0x622c70) at d1_pkt.c:676
#5  0x00007ffff7dcb6b8 in dtls1_read_bytes (s=0x622c70, type=22, buf=0x7ffffffedfd0 "\006", len=12, peek=0) at d1_pkt.c:938
#6  0x00007ffff7dcdda5 in dtls1_get_message_fragment (s=0x622c70, st1=<value optimized out>, stn=4449, max=30, ok=0x7ffffffee09c)
    at d1_both.c:908
#7  0x00007ffff7dce414 in dtls1_get_message (s=0x622c70, st1=4448, stn=4449, mt=14, max=30, ok=0x7ffffffee09c) at d1_both.c:512
#8  0x00007ffff7dacaf9 in ssl3_get_server_done (s=0x622c70) at s3_clnt.c:2458
#9  0x00007ffff7dc8467 in dtls1_connect (s=0x622c70) at d1_clnt.c:466
#10 0x0000000000402f75 in start_client(char*, char*, int, int, int) ()
#11 0x0000000000403573 in main ()


Server side back trace

(gdb) info threads
  2 Thread 0x7ffff793c700 (LWP 20161)  0x0000003db4c0ea2d in recvmsg () from /lib64/libpthread.so.0
* 1 Thread 0x7ffff793e720 (LWP 20155)  0x0000003db4c0e84d in accept () from /lib64/libpthread.so.0
(gdb) t 2
[Switching to thread 2 (Thread 0x7ffff793c700 (LWP 20161))]#0  0x0000003db4c0ea2d in recvmsg () from /lib64/libpthread.so.0
(gdb) bt
#0  0x0000003db4c0ea2d in recvmsg () from /lib64/libpthread.so.0
#1  0x00007ffff7a633a6 in BIO_dgram_sctp_wait_for_dry (b=0x7ffff0001930) at bss_dgram.c:1803
#2  0x00007ffff7dc7830 in dtls1_accept (s=0x7ffff00008c0) at d1_srvr.c:403
#3  0x00000000004021ee in connection_handle(void*) ()
#4  0x0000003db4c07851 in start_thread () from /lib64/libpthread.so.0
#5  0x0000003db48e890d in clone () from /lib64/libc.so.6
(gdb)


I am also attaching the wireshark trace (port 4443) and a server key for decoding wireshark.

Command used on server side: ./dtls_sctp_echo -L 16.181.38.161 -p 4443

Command used on client side : ./dtls_sctp_echo -L 16.181.38.161 -p 4443 -l 50 -n 5 16.181.38.161

Thanks in advance for your valuable input

Regards,
Mahesh G S



On Tue, Feb 21, 2017 at 2:28 PM, Michael Tuexen <[hidden email]> wrote:
Try
http://web.archive.org/web/20150617012520/http://sctp.fh-muenster.de/dtls-samples.html
and yes, we need to bring the machine up again.

Best regards
Michael

Re: DTLS for SCTP connections

Michael Tuexen-4
> On 22 Feb 2017, at 07:47, mahesh gs <[hidden email]> wrote:
>
> Hi,
>
> Thank you for sharing the sample code.
>
> I tried running the SCTP DTLS echo server and client. I am facing a strange problem: "ssl_connect" hangs on the client side, and even "ssl_accept" hangs on the server side.
>
> Thanks in advance for your valuable input
I've CCed Irene, who did some testing recently on FreeBSD, where the implementation works.
The server is waiting for a sender dry event which it should get.

Which version of OpenSSL are you using and which OS are you using?

Best regards
Michael
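
The server backtrace in this thread is blocked in recvmsg() under BIO_dgram_sctp_wait_for_dry, waiting for the sender dry event mentioned in the reply above. The following is an added example, not part of the thread, the sample code or OpenSSL: a stand-alone C probe that builds a loopback SCTP association, subscribes to SCTP_SENDER_DRY_EVENT and reports whether the running kernel delivers it. It assumes Linux with the kernel header <linux/sctp.h>; the names is_sender_dry and probe_sender_dry are hypothetical.

```c
/* Added example: does the local kernel deliver SCTP_SENDER_DRY_EVENT?
 * Linux only; uses the kernel header <linux/sctp.h>, not lksctp-tools.
 * is_sender_dry() and probe_sender_dry() are hypothetical helper names. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/sctp.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef MSG_NOTIFICATION
#define MSG_NOTIFICATION 0x8000   /* value used by the Linux SCTP API */
#endif

/* Return 1 if a message read with recvmsg() is a sender-dry notification. */
int is_sender_dry(const void *buf, size_t len, int msg_flags)
{
    struct sctp_sender_dry_event ev;

    if (!(msg_flags & MSG_NOTIFICATION) || len < sizeof ev)
        return 0;                    /* user data or truncated notification */
    memcpy(&ev, buf, sizeof ev);     /* copy out: buf may be unaligned */
    return ev.sender_dry_type == SCTP_SENDER_DRY_EVENT;
}

/* Connect an SCTP association over loopback, subscribe to the sender-dry
 * event on the idle client socket and wait up to timeout_ms for it.
 * Returns  1: notification delivered
 *          0: subscription rejected, or nothing arrived before the timeout
 *         -1: SCTP sockets unavailable or the loopback association failed */
int probe_sender_dry(int timeout_ms)
{
    int result = -1, lfd, cfd;
    struct sockaddr_in addr;
    socklen_t alen = sizeof addr;
    struct sctp_event_subscribe events;
    char buf[256];
    struct iovec iov = { buf, sizeof buf };
    struct msghdr msg;
    struct pollfd pfd;
    ssize_t n;

    lfd = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP);
    cfd = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP);
    if (lfd < 0 || cfd < 0)
        goto out;

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks */
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &alen) < 0 ||
        connect(cfd, (struct sockaddr *)&addr, sizeof addr) < 0)
        goto out;

    result = 0;                      /* association is up; now test the event */
    memset(&events, 0, sizeof events);
    events.sctp_sender_dry_event = 1;
    if (setsockopt(cfd, IPPROTO_SCTP, SCTP_EVENTS, &events, sizeof events) < 0)
        goto out;                    /* kernel does not accept the subscription */

    pfd.fd = cfd;
    pfd.events = POLLIN;
    pfd.revents = 0;
    if (poll(&pfd, 1, timeout_ms) <= 0)
        goto out;                    /* a blocking recvmsg() would hang here */

    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    n = recvmsg(cfd, &msg, 0);
    if (n > 0 && is_sender_dry(buf, (size_t)n, msg.msg_flags))
        result = 1;
out:
    if (lfd >= 0) close(lfd);
    if (cfd >= 0) close(cfd);
    return result;
}

int main(void)
{
    int r = probe_sender_dry(2000);

    puts(r == 1 ? "sender dry event delivered" :
         r == 0 ? "no sender dry event: a wait for it would block" :
                  "SCTP not available on this host");
    return r == 1 ? 0 : 1;
}
```

A result of 0 on a host matches the symptom in the server backtrace: a blocking wait for the notification would never return.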


Re: DTLS for SCTP connections

mahesh gs
Hi Michael,

I am using "Red Hat Enterprise Linux Server release 6.4 (Santiago)" and openssl version is 1.1.0.

SCTP version :

[root@localhost DIAMETER]# rpm -qa | grep -i "sctp"
lksctp-tools-1.0.10-5.el6.x86_64
[root@localhost DIAMETER]# rpm -qi lksctp-tools-1.0.10-5.el6.x86_64
Name        : lksctp-tools                 Relocations: (not relocatable)
Version     : 1.0.10                            Vendor: Red Hat, Inc.
Release     : 5.el6                         Build Date: Mon 22 Feb 2010 12:24:33 PM CET
Install Date: Wed 08 Feb 2017 10:08:12 AM CET      Build Host: hs20-bc1-2.build.redhat.com
Group       : System Environment/Libraries   Source RPM: lksctp-tools-1.0.10-5.el6.src.rpm
Size        : 203688                           License: GPLv2 and GPLv2+ and LGPLv2 and BSD
Signature   : RSA/8, Mon 16 Aug 2010 08:17:01 PM CEST, Key ID 199e2f91fd431d51
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : User-space access to Linux Kernel SCTP
Description :
This is the lksctp-tools package for Linux Kernel SCTP (Stream Control
Transmission Protocol) Reference Implementation.



Thanks,
Mahesh G S

On Wed, Feb 22, 2017 at 8:33 PM, Michael Tuexen <[hidden email]> wrote:
I've CCed Irene, who did some testing recently on FreeBSD, where the implementation works.
The server is waiting for a sender dry event which it should get.

Which version of OpenSSL are you using and which OS are you using?

Best regards
Michael

Re: DTLS for SCTP connections

mahesh gs
Hi,

I did some more searching regarding this problem and found that it's a defect in kernel SCTP. The OS was built with Linux kernel version 2.6, which is quite old.


I upgraded to RHEL 7.1 and the problem was resolved.

Thanks for your support.

On Thu, Feb 23, 2017 at 10:43 AM, mahesh gs <[hidden email]> wrote:
Hi Michael,

I am using "Red Hat Enterprise Linux Server release 6.4 (Santiago)" and openssl version is 1.1.0.


Re: DTLS for SCTP connections

Michael Tuexen-4
> On 24 Feb 2017, at 10:31, mahesh gs <[hidden email]> wrote:
>
> Hi,
>
> I did some more searching regarding this problem and found that it's a defect in kernel SCTP. The OS was built with Linux kernel version 2.6, which is quite old.
>
> Defect Link : https://sourceforge.net/p/lksctp/mailman/message/27729264/
>
> I upgraded to RHEL 7.1 and the problem was resolved.
>
Great. Thanks for letting us know.

Best regards
Michael

> Thanks for your support.