DTLS Connection id (CID) #1472

Closed
juhis-o opened this issue Jul 15, 2024 · 8 comments

juhis-o commented Jul 15, 2024

Hey

Is there support for CoAP DTLS Connection ID?

I found some mentions about this in coap_dtls_internal.h and coap__mbedtls_8c_source.html files, but it is not quite clear if this feature is available.

If it is, how do I set it up?

Collaborator

mrdeep1 commented Jul 15, 2024

Yes, there is support for CID in Mbed TLS.

The Mbed TLS library needs to be built with MBEDTLS_SSL_DTLS_CONNECTION_ID defined in include/mbedtls/mbedtls_config.h and installed. Then libcoap needs to be built using the Mbed TLS library (./configure --with-mbedtls).

Author

juhis-o commented Jul 17, 2024

Thank you for the answer. Do I need to do anything additional in my project, in which I am utilizing libcoap?

Collaborator

mrdeep1 commented Jul 17, 2024

Other than the 2 things that need to be done (Build and install the Mbed TLS library with Connection ID enabled, and build libcoap for Mbed TLS using the updated Mbed TLS library), I am not aware of anything else.

See #1153 .

Author

juhis-o commented Jul 19, 2024

I am a bit lost: the client and server negotiated usage of CID successfully, but when the client is reconnecting and starts sending messages, I get these when debugging is on:
Jul 19 14:55:37.635 DEBG coap_dtls_hello: ContentType 25 Handshake 245 dropped
Jul 19 14:55:37.682 DEBG coap_dtls_hello: ContentType 25 Handshake 245 dropped

Full log is in attachment.
output.txt

Collaborator

mrdeep1 commented Jul 19, 2024

I'm trying to reproduce your situation. To get rid of the Handshake dropped messages so that they are processed, can you please try the following code change:

diff --git a/src/coap_session.c b/src/coap_session.c
index ac1711f5..550038a1 100644
--- a/src/coap_session.c
+++ b/src/coap_session.c
@@ -1143,6 +1143,7 @@ coap_endpoint_get_session(coap_endpoint_t *endpoint,
 #define OFF_CONTENT_TYPE      0  /* offset of content_type in dtls_record_handshake_t */
 #define DTLS_CT_ALERT        21  /* Content Type Alert */
 #define DTLS_CT_HANDSHAKE    22  /* Content Type Handshake */
+#define DTLS_CT_CID          25  /* Content Type Connection ID */
 #define OFF_HANDSHAKE_TYPE   13  /* offset of handshake in dtls_record_handshake_t */
 #define DTLS_HT_CLIENT_HELLO  1  /* Client Hello handshake type */

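Review bot: the comment on the new `DTLS_CT_CID` define should say that 25 is the `tls12_cid` record content type from RFC 9146 and that a record of this type is not a `dtls_record_handshake_t`, so `OFF_HANDSHAKE_TYPE` (13) does not point at a handshake type in it. In a CID record the connection ID bytes follow the 11-byte type/version/epoch/sequence prefix, which is why the debug line reported earlier in this thread printed a meaningless "Handshake 245" next to ContentType 25.
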
@@ -1154,8 +1155,9 @@ coap_endpoint_get_session(coap_endpoint_t *endpoint,
                      OFF_HANDSHAKE_TYPE + 1);
       return NULL;
     }
-    if (payload[OFF_CONTENT_TYPE] != DTLS_CT_HANDSHAKE ||
-        payload[OFF_HANDSHAKE_TYPE] != DTLS_HT_CLIENT_HELLO) {
+    if ((payload[OFF_CONTENT_TYPE] != DTLS_CT_HANDSHAKE ||
+         payload[OFF_HANDSHAKE_TYPE] != DTLS_HT_CLIENT_HELLO) &&
+        payload[OFF_CONTENT_TYPE] != DTLS_CT_CID) {
       /* only log if not a late alert */
       if (payload[OFF_CONTENT_TYPE] != DTLS_CT_ALERT)
         coap_log_debug("coap_dtls_hello: ContentType %d Handshake %d dropped\n",
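
Review bot: the added `payload[OFF_CONTENT_TYPE] != DTLS_CT_CID` term lets any datagram whose first byte is 25 through this ClientHello filter, and no further check on it is visible in this hunk; at this point that byte is unauthenticated input. Suggest gating the exception on CID support being built in and enabled for the endpoint, and making sure the code after this test only matches such a record to an existing session instead of handling it like a ClientHello. A short comment explaining why the two handshake tests are grouped in parentheses and the CID test stands apart would also help the next reader.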

Author

juhis-o commented Jul 19, 2024

To prevent the session closing after connecting to the server, I am using the following function when initializing the server:
coap_context_set_session_timeout(ctx, 5000);
Is there anything relevant in my server code you'd like to see?

New log is in attachment.
output.txt

juhis-o closed this as completed Jul 19, 2024
juhis-o reopened this Jul 19, 2024

Collaborator

mrdeep1 commented Jul 20, 2024

@juhis-o Please try out #1482 where the server now updates the existing CoAP session IP tuple with the new set of IP addresses the client is using, thus keeping the DTLS session information previously used across changing IP tuples.

The examples coap-client has a new option. -d 0 indicates that the client should try to negotiate CID. -d freq (where freq > 0 and freq < 256) causes the client to change the source port every freq of packets sent.
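
A sketch of the idea in the comment above, added here as an example; it is not libcoap's code nor the code in #1482. It looks a session up by the connection ID carried in a content type 25 record and only replaces the stored IP tuple once the record has been verified and is newer than anything seen before, as RFC 9146 requires. The `session_t` layout, the function names, the fixed 4-byte CID length and the IPv4-only tuple are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CT_TLS12_CID 25 /* record content type for CID records (RFC 9146) */
#define CID_LEN       4 /* assumption: server hands out fixed 4-byte CIDs */
#define HDR_FIXED    11 /* type(1) + version(2) + epoch(2) + sequence(6) */

typedef struct {           /* hypothetical session entry */
  uint8_t  cid[CID_LEN];   /* CID the peer puts in records sent to us */
  uint32_t ip;             /* current peer address (IPv4 for brevity) */
  uint16_t port;
  uint64_t newest;         /* epoch||sequence of newest verified record */
} session_t;

/* CID sits between sequence number and length; NULL if not a CID record. */
static const uint8_t *record_cid(const uint8_t *p, size_t len) {
  if (len < HDR_FIXED + CID_LEN + 2 || p[0] != CT_TLS12_CID) return NULL;
  return p + HDR_FIXED;
}

/* Look the session up by CID rather than by source address. */
static session_t *find_by_cid(session_t *t, size_t n, const uint8_t *p, size_t len) {
  const uint8_t *cid = record_cid(p, len);
  for (size_t i = 0; cid && i < n; i++)
    if (memcmp(t[i].cid, cid, CID_LEN) == 0) return &t[i];
  return NULL;
}

/* Call after record processing; verified != 0 means the integrity check
 * passed. Returns 1 if the stored address was changed. */
static int update_peer(session_t *s, const uint8_t *p, int verified,
                       uint32_t ip, uint16_t port) {
  uint64_t seq = 0;
  for (int i = 3; i < HDR_FIXED; i++) seq = (seq << 8) | p[i];
  if (!verified || seq <= s->newest) return 0; /* forged, replayed or stale */
  s->newest = seq;
  if (s->ip == ip && s->port == port) return 0;
  s->ip = ip; s->port = port;
  return 1;
}

int main(void) {
  /* constructed sample: CID record, epoch 1, seq 7, CID aa bb cc dd */
  const uint8_t rec[] = {25,0xfe,0xfd,0,1,0,0,0,0,0,7,0xaa,0xbb,0xcc,0xdd,0,1,0};
  session_t tab[] = {{{0xaa,0xbb,0xcc,0xdd}, 0x0a000001, 5683, 0}};
  session_t *s = find_by_cid(tab, 1, rec, sizeof rec);
  printf("moved=%d\n", s ? update_peer(s, rec, 1, 0x0a000002, 40000) : -1);
  return 0;
}
```

RFC 9146 also asks for a strategy to confirm that the new address can actually receive records before the server relies on it, which this sketch leaves out.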

Author

juhis-o commented Jul 20, 2024

It works now! Thank you for addressing the issue this quickly!

juhis-o closed this as completed Jul 20, 2024