Skip to content

Commit 5dedfaf

Browse files
boaksboaks
committed
dtls.c: ensure, alerts are reported by events.
For warning/close_notify wait for the retransmission time or response before closing the peer. For other alerts report event immediately and close the peer. Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
1 parent 11c5c53 commit 5dedfaf

1 file changed

Lines changed: 32 additions & 45 deletions

File tree

dtls.c

Lines changed: 32 additions & 45 deletions
Original file line numberDiff line numberDiff line change
@@ -2133,42 +2133,45 @@ static inline int
21332133
dtls_send_alert(dtls_context_t *ctx, dtls_peer_t *peer, dtls_alert_level_t level,
21342134
dtls_alert_t description) {
21352135
uint8_t msg[] = { level, description };
2136+
netq_t *n = NULL;
21362137

21372138
dtls_send(ctx, peer, DTLS_CT_ALERT, msg, sizeof(msg));
21382139

2139-
/* copy close alert in retransmit buffer to emulate timeout */
2140-
/* not resent, therefore don't copy the complete record */
2141-
netq_t *n = netq_node_new(2);
2142-
if (n) {
2143-
dtls_tick_t now;
2144-
dtls_ticks(&now);
2145-
n->t = now + 2 * CLOCK_SECOND;
2146-
n->retransmit_cnt = 0;
2147-
n->timeout = 2 * CLOCK_SECOND;
2148-
n->peer = peer;
2149-
n->epoch = peer->security_params[0]->epoch;
2150-
n->type = DTLS_CT_ALERT;
2151-
n->length = 2;
2152-
n->data[0] = level;
2153-
n->data[1] = description;
2154-
n->job = TIMEOUT;
2155-
2156-
if (!netq_insert_node(&ctx->sendqueue, n)) {
2157-
dtls_warn("cannot add alert to retransmit buffer\n");
2158-
netq_node_free(n);
2159-
n = NULL;
2140+
if (description == DTLS_ALERT_CLOSE_NOTIFY && level == DTLS_ALERT_LEVEL_WARNING) {
2141+
/* copy close alert in retransmit buffer to emulate timeout */
2142+
/* not resent, therefore don't copy the complete record */
2143+
n = netq_node_new(2);
2144+
if (n) {
2145+
dtls_tick_t now;
2146+
dtls_ticks(&now);
2147+
n->t = now + 2 * CLOCK_SECOND;
2148+
n->retransmit_cnt = 0;
2149+
n->timeout = 2 * CLOCK_SECOND;
2150+
n->peer = peer;
2151+
n->epoch = peer->security_params[0]->epoch;
2152+
n->type = DTLS_CT_ALERT;
2153+
n->length = 2;
2154+
n->data[0] = level;
2155+
n->data[1] = description;
2156+
n->job = TIMEOUT;
2157+
2158+
if (!netq_insert_node(&ctx->sendqueue, n)) {
2159+
dtls_warn("cannot add alert to retransmit buffer\n");
2160+
netq_node_free(n);
2161+
n = NULL;
21602162
#ifdef WITH_CONTIKI
2161-
} else {
2162-
/* must set timer within the context of the retransmit process */
2163-
PROCESS_CONTEXT_BEGIN(&dtls_retransmit_process);
2164-
etimer_set(&ctx->retransmit_timer, n->timeout);
2165-
PROCESS_CONTEXT_END(&dtls_retransmit_process);
2163+
} else {
2164+
/* must set timer within the context of the retransmit process */
2165+
PROCESS_CONTEXT_BEGIN(&dtls_retransmit_process);
2166+
etimer_set(&ctx->retransmit_timer, n->timeout);
2167+
PROCESS_CONTEXT_END(&dtls_retransmit_process);
21662168
#else /* WITH_CONTIKI */
2167-
dtls_debug("alert copied to retransmit buffer\n");
2169+
dtls_debug("alert copied to retransmit buffer\n");
21682170
#endif /* WITH_CONTIKI */
2171+
}
2172+
} else {
2173+
dtls_warn("cannot add alert, retransmit buffer full\n");
21692174
}
2170-
} else {
2171-
dtls_warn("cannot add alert, retransmit buffer full\n");
21722175
}
21732176
if (!n) {
21742177
/* timeout not registered */
@@ -4735,10 +4738,6 @@ dtls_handle_message(dtls_context_t *ctx,
47354738
dtls_stop_retransmission(ctx, peer);
47364739
dtls_alert_send_from_err(ctx, peer, err);
47374740

4738-
/* invalidate peer */
4739-
dtls_destroy_peer(ctx, peer, DTLS_DESTROY_CLOSE);
4740-
peer = NULL;
4741-
47424741
return err;
47434742
}
47444743
break;
@@ -4759,10 +4758,6 @@ dtls_handle_message(dtls_context_t *ctx,
47594758
dtls_info("received close_notify alert, peer has been invalidated\n");
47604759
else
47614760
dtls_warn("received fatal alert, peer has been invalidated\n");
4762-
/* handle alert has invalidated peer */
4763-
peer = NULL;
4764-
err = -1;
4765-
/* no more valid records after fatal alerts */
47664761
return 0;
47674762
} else {
47684763
dtls_stop_retransmission(ctx, peer);
@@ -4777,14 +4772,6 @@ dtls_handle_message(dtls_context_t *ctx,
47774772
" state %d\n", -err, dtls_handshake_type_to_name(data[0]),
47784773
data[0], peer->state);
47794774
dtls_alert_send_from_err(ctx, peer, err);
4780-
4781-
if (peer && DTLS_ALERT_LEVEL_FATAL == ((-err) & 0xff00) >> 8) {
4782-
/* invalidate peer */
4783-
peer->state = DTLS_STATE_CLOSED;
4784-
dtls_stop_retransmission(ctx, peer);
4785-
dtls_destroy_peer(ctx, peer, DTLS_DESTROY_CLOSE);
4786-
peer = NULL;
4787-
}
47884775
return err;
47894776
}
47904777
if (peer && peer->state == DTLS_STATE_CONNECTED) {

0 commit comments

Comments
 (0)