mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2024-12-29 04:50:03 +01:00
b0626401d8
19331: pkg/tinydtls: Adjust defaults r=miri64 a=chrysn
### Contribution description
This adjusts two defaults in tinydtls:
* Default verbosity is set to warning. At the info level, this module produces way more output (several lines per new connection, and even per message) than is common in RIOT.
* If gcoap is used, the buffer size is adjusted to the gcoap buffer size plus overhead. Otherwise, CoAP-over-DTLS works fine until one happens to request larger resources.
### Testing procedure
* Run examples/gcoap_dtls
* Send a CoAP request from outside, eg. with `aiocoap-client 'coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/.well-known/core' --credentials testserver.json` (where testserver.json is `{"coaps://[fe80::3c63:beff:fe85:ca96%tapbr0]/*": {"dtls": {"psk": {"ascii": "secretPSK"}, "client-identity": {"ascii": "Client_identity"}}}}`).
Before, there are messages shown for every request; now there are none.
Modify `examples/gcoap/server.c` as follows:
```patch
diff --git a/examples/gcoap/server.c b/examples/gcoap/server.c
index bf2315cd01..28e1faac27 100644
--- a/examples/gcoap/server.c
+++ b/examples/gcoap/server.c
`@@` -68,7 +68,7 `@@` static const coap_resource_t _resources[] = {
};
static const char *_link_params[] = {
- ";ct=0;rt=\"count\";obs",
+ ";ct=0;rt=\"count\";obs;looooooooooooooooooooooong-attribute=\"loooooooooooooooooooooooooooooong\"",
NULL
};
```
The request passes; without this patch, it is stuck in retransmissions until "Network error: Retransmissions exceeded".
### Issues/PRs references
This contributes to making #19289 usable with a minimum level of security. (That module fills up the gcoap buffer to the brim). While the module handles the verbosity as well as it can (occasionally admitting that it lost bytes of output), the previous verbosity produces an infinite stream of stdout data. (But the default should be quiet immaterial of that particular PR).
Co-authored-by: chrysn <chrysn@fsfe.org>
38 lines
1.4 KiB
Makefile
38 lines
1.4 KiB
Makefile
PKG_NAME=tinydtls
|
|
PKG_URL=https://github.com/eclipse/tinydtls.git
|
|
PKG_VERSION=5e14e4930b0f329f35809c623976df1e08ca4593
|
|
PKG_LICENSE=EPL-1.0,EDL-1.0
|
|
|
|
include $(RIOTBASE)/pkg/pkg.mk
|
|
|
|
CFLAGS += -Wno-implicit-fallthrough
|
|
|
|
all:
|
|
$(QQ)"$(MAKE)" -C $(PKG_SOURCE_DIR) -f $(PKG_SOURCE_DIR)/Makefile.riot
|
|
$(QQ)"$(MAKE)" -C $(PKG_SOURCE_DIR)/aes -f $(PKG_SOURCE_DIR)/aes/Makefile.riot
|
|
$(QQ)"$(MAKE)" -C $(PKG_SOURCE_DIR)/ecc -f $(PKG_SOURCE_DIR)/ecc/Makefile.riot
|
|
|
|
ifeq (llvm,$(TOOLCHAIN))
|
|
CFLAGS += -Wno-format-nonliteral
|
|
endif
|
|
|
|
ifneq (,$(filter gcoap,$(USEMODULE)))
|
|
# Configuring the buffer large enough that a full Gcoap packet can be
|
|
# encrypted or decrypted.
|
|
|
|
# This is the default in gcoap.h, which we don't have access to, so it is copied over.
|
|
CONFIG_GCOAP_PDU_BUF_SIZE := $(or $(CONFIG_GCOAP_PDU_BUF_SIZE),128)
|
|
|
|
# If there were another way to set up DTLS_MAX_BUF, we'd need to set the
|
|
# maximum of these here.
|
|
#
|
|
# 29 bytes are the overhead measured with Wireshark on packets exchanged in
|
|
# default configuration; adding some to be safe against variable size fields.
|
|
CFLAGS += "-DDTLS_MAX_BUF=($(CONFIG_GCOAP_PDU_BUF_SIZE) + 36)"
|
|
endif
|
|
|
|
# TinyDTLS emits several messages during connection establishment at the info
|
|
# level; this is way more verbose than common in RIOT.
|
|
TINYDTLS_LOG_LEVEL ?= LOG_WARNING
|
|
CFLAGS += -DLOG_LEVEL=$(TINYDTLS_LOG_LEVEL)
|