@subheading gnutls_dtls_cookie_send
@anchor{gnutls_dtls_cookie_send}
@deftypefun {int} {gnutls_dtls_cookie_send} (gnutls_datum_t* @var{key}, void* @var{client_data}, size_t @var{client_data_size}, gnutls_dtls_prestate_st* @var{prestate}, gnutls_transport_ptr_t @var{ptr}, gnutls_push_func @var{push_func})
@var{key}: is a random key to be used at cookie generation

@var{client_data}: contains data identifying the client (i.e. address)

@var{client_data_size}: The size of client's data

@var{prestate}: The previous cookie returned by @code{gnutls_dtls_cookie_verify()}

@var{ptr}: A transport pointer to be used by @code{push_func}

@var{push_func}: A function that will be used to reply

This function can be used to prevent denial of service
attacks against a DTLS server by requiring the client to
reply using a cookie sent by this function. That way
it can be ensured that a client we allocated resources
for (i.e. @code{gnutls_session_t}) is the one that the
original incoming packet originated from.

@strong{Returns:} the number of bytes sent, or a negative error code.
@end deftypefun

@subheading gnutls_dtls_cookie_verify
@anchor{gnutls_dtls_cookie_verify}
@deftypefun {int} {gnutls_dtls_cookie_verify} (gnutls_datum_t* @var{key}, void* @var{client_data}, size_t @var{client_data_size}, void* @var{_msg}, size_t @var{msg_size}, gnutls_dtls_prestate_st* @var{prestate})
@var{key}: is a random key to be used at cookie generation

@var{client_data}: contains data identifying the client (i.e. address)

@var{client_data_size}: The size of client's data

@var{_msg}: An incoming message that initiates a connection.

@var{msg_size}: The size of the message.

@var{prestate}: The cookie of this client.

This function will verify an incoming message for
a valid cookie. If a valid cookie is returned then
it should be associated with the session using
@code{gnutls_dtls_prestate_set()}.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
@end deftypefun

@subheading gnutls_dtls_get_data_mtu
@anchor{gnutls_dtls_get_data_mtu}
@deftypefun {unsigned int} {gnutls_dtls_get_data_mtu} (gnutls_session_t @var{session})
@var{session}: is a @code{gnutls_session_t} structure.

This function will return the actual maximum transfer unit for
application data. I.e. DTLS headers are subtracted from the

@strong{Returns:} the maximum allowed transfer unit.
@end deftypefun

@subheading gnutls_dtls_get_mtu
@anchor{gnutls_dtls_get_mtu}
@deftypefun {unsigned int} {gnutls_dtls_get_mtu} (gnutls_session_t @var{session})
@var{session}: is a @code{gnutls_session_t} structure.

This function will return the MTU size as set with
@code{gnutls_dtls_set_mtu()}. This is not the actual MTU
of data you can transmit. Use @code{gnutls_dtls_get_data_mtu()}

@strong{Returns:} the set maximum transfer unit.
@end deftypefun

@subheading gnutls_dtls_get_timeout
@anchor{gnutls_dtls_get_timeout}
@deftypefun {unsigned int} {gnutls_dtls_get_timeout} (gnutls_session_t @var{session})
@var{session}: is a @code{gnutls_session_t} structure.

This function will return the milliseconds remaining
for a retransmission of the previously sent handshake
message. This function is useful when DTLS is used in
non-blocking mode, to estimate when to call @code{gnutls_handshake()}
if no packets have been received.

@strong{Returns:} the remaining time in milliseconds.
@end deftypefun

@subheading gnutls_dtls_prestate_set
@anchor{gnutls_dtls_prestate_set}
@deftypefun {void} {gnutls_dtls_prestate_set} (gnutls_session_t @var{session}, gnutls_dtls_prestate_st* @var{prestate})
@var{session}: a new session

@var{prestate}: contains the client's prestate

This function will associate the prestate acquired by
the cookie authentication with the client, with the newly
@end deftypefun

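The cookie round trip that @code{gnutls_dtls_cookie_verify()}, @code{gnutls_dtls_cookie_send()} and @code{gnutls_dtls_prestate_set()} are used for, modelled as an added example; it is not GnuTLS code and not part of the original manual. The parameter names mirror the manual's, while @code{toy_cookie}, @code{ct_equal}, @code{on_client_hello}, the key and the addresses are assumptions, and the FNV-based hash is a non-cryptographic stand-in for a real keyed MAC.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COOKIE_LEN 8
enum verdict { SEND_COOKIE, ALLOCATE_SESSION };

/* Stand-in keyed hash (FNV-1a over key || client_data || key). NOT a secure
 * MAC and not what GnuTLS computes; it only keeps this model self-contained. */
static void toy_cookie(const uint8_t *key, size_t key_size, const void *client_data,
                       size_t client_data_size, uint8_t out[COOKIE_LEN]) {
    const uint8_t *part[3] = { key, client_data, key };
    const size_t size[3] = { key_size, client_data_size, key_size };
    uint64_t h = 0xcbf29ce484222325ULL;
    for (int p = 0; p < 3; p++)
        for (size_t i = 0; i < size[p]; i++)
            h = (h ^ part[p][i]) * 0x100000001b3ULL;
    memcpy(out, &h, COOKIE_LEN);
}

/* Compare without an early exit so timing does not reveal how much matched. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Per-datagram decision: the expected cookie is recomputed from the sender's
 * address, so nothing is stored until a sender echoes the right value. */
enum verdict on_client_hello(const uint8_t *key, size_t key_size,
                             const void *client_data, size_t client_data_size,
                             const uint8_t *echoed, size_t echoed_size,
                             uint8_t expected[COOKIE_LEN]) {
    toy_cookie(key, key_size, client_data, client_data_size, expected);
    if (echoed != NULL && echoed_size == COOKIE_LEN &&
        ct_equal(echoed, expected, COOKIE_LEN))
        return ALLOCATE_SESSION;
    return SEND_COOKIE;
}

int main(void) {
    const uint8_t key[4] = { 1, 2, 3, 4 };  /* constructed sample values */
    const char a[] = "192.0.2.10:4444", b[] = "198.51.100.7:4444";
    uint8_t sent[COOKIE_LEN], tmp[COOKIE_LEN];
    int first = on_client_hello(key, 4, a, sizeof a, NULL, 0, sent);
    int echo = on_client_hello(key, 4, a, sizeof a, sent, COOKIE_LEN, tmp);
    int spoof = on_client_hello(key, 4, b, sizeof b, sent, COOKIE_LEN, tmp);
    printf("first=%d echo=%d spoof=%d\n", first, echo, spoof);
}
```

In a server built on the functions above, the @code{SEND_COOKIE} branch is where @code{gnutls_dtls_cookie_send()} replies, and the @code{ALLOCATE_SESSION} branch is where the session is created and @code{gnutls_dtls_prestate_set()} is called.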
@subheading gnutls_dtls_set_data_mtu
@anchor{gnutls_dtls_set_data_mtu}
@deftypefun {int} {gnutls_dtls_set_data_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu})
@var{session}: is a @code{gnutls_session_t} structure.

@var{mtu}: The maximum unencrypted transfer unit of the session

This function will set the maximum size of the *unencrypted* records
which will be sent over a DTLS session. It is equivalent to calculating
the DTLS packet overhead with the current encryption parameters, and
calling @code{gnutls_dtls_set_mtu()} with that value. In particular, this means
that you may need to call this function again after any negotiation or
renegotiation, in order to ensure that the MTU is still sufficient to
account for the new protocol overhead.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code.
@end deftypefun

@subheading gnutls_dtls_set_mtu
@anchor{gnutls_dtls_set_mtu}
@deftypefun {void} {gnutls_dtls_set_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu})
@var{session}: is a @code{gnutls_session_t} structure.

@var{mtu}: The maximum transfer unit of the transport

This function will set the maximum transfer unit of the transport
that DTLS packets are sent over. Note that this should exclude
the IP (or IPv6) and UDP headers. So for DTLS over IPv6 on an
Ethernet device with MTU 1500, the DTLS MTU set with this function
would be 1500 - 40 (IPv6 header) - 8 (UDP header) = 1452.
@end deftypefun

@subheading gnutls_dtls_set_timeouts
@anchor{gnutls_dtls_set_timeouts}
@deftypefun {void} {gnutls_dtls_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout})
@var{session}: is a @code{gnutls_session_t} structure.

@var{retrans_timeout}: The time at which a retransmission will occur in milliseconds

@var{total_timeout}: The time at which the connection will be aborted, in milliseconds.

This function will set the timeouts required for the DTLS handshake
protocol. The retransmission timeout is the time after which, if no
message from the peer has been received, the previous messages will
be retransmitted. The total timeout is the time after which the
handshake will be aborted with @code{GNUTLS_E_TIMEDOUT}.

The DTLS protocol recommends the values of 1 sec and 60 seconds

If the retransmission timeout is zero then the handshake will operate
in a non-blocking way, i.e., return @code{GNUTLS_E_AGAIN}.
@end deftypefun

@subheading gnutls_record_get_discarded
@anchor{gnutls_record_get_discarded}
@deftypefun {unsigned int} {gnutls_record_get_discarded} (gnutls_session_t @var{session})
@var{session}: is a @code{gnutls_session_t} structure.

Returns the number of discarded packets in a

@strong{Returns:} The number of discarded packets.
@end deftypefun