Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gcoap_forward_proxy: CoAPS support #18107

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

gcoap_forward_proxy: CoAPS support #18107

wants to merge 4 commits into from
+44 −26

Conversation

miri64
Copy link
Member

@miri64 miri64 commented May 14, 2022

Contribution description

Allows to deploy the forward proxy using CoAPS / proxying a CoAPS connection.

Testing procedure

Still needs some work, currently, the proxy reports a Bad Option error, when used with CoAPS...

Issues/PRs references

None

@miri64 miri64 added the Type: enhancement The issue suggests enhanceable parts / The PR enhances parts of the codebase / documentation label May 14, 2022
@github-actions github-actions bot added Area: CoAP Area: Constrained Application Protocol implementations Area: examples Area: Example Applications Area: network Area: Networking Area: sys Area: System labels May 14, 2022
@miri64 miri64 mentioned this pull request May 16, 2022
Merged
@miri64
Copy link
Member Author

miri64 commented Jul 28, 2022

Ok, I found now some hints on why this is not working:

  1. The number of DTLS peers is fixed to 1 by the gcoap_dtls example. A proxy of course has at least 2 :(
  2. If that is set to 2, I run into the problem, that the proxy runs basically completely in the gcoap thread and tries to use the blocking gcoap_send_req_tl when sending to upstream... It basically stays here in

    RIOT/sys/net/application_layer/gcoap/gcoap.c

    Line 1102 in fb3f1a2

    res = ztimer_msg_receive_timeout(ZTIMER_MSEC, &msg, timeout);
    when trying to establish the handshake, which blocks the gcoap thread. In the meantime the handshake messages from upstream come in, but are not handled in _on_sock_dtls_evt, until the timeout timed out... Maybe an asynchronous version of gcoap_send_req_tl will help here...

@benpicco benpicco added this to In progress in COAP via automation Oct 5, 2022
@benpicco benpicco moved this from In progress to To do in COAP Oct 5, 2022
@benpicco
Copy link
Contributor

So the idea is that a cllient would connect to the proxy via CoAP and the proxy would forward the connection via CoAPs to the server that it proxies for? That is exactly what we need 😃

@miri64
Copy link
Member Author

miri64 commented Feb 28, 2024

So the idea is that a cllient would connect to the proxy via CoAP and the proxy would forward the connection via CoAPs to the server that it proxies for?

The main idea is to have a CoAPS connection at both ends, but yes, in theory it should also work that you have a (unsecure) CoAP connection at one end and a secure CoAPS connection at the other.

@miri64
Copy link
Member Author

miri64 commented Feb 28, 2024

Maybe the problem above might not be an issue for this use case, but until it is resolved, this can't be merged of course.

@benpicco
Copy link
Contributor

benpicco commented Mar 4, 2024
edited

I'm afraid I figured out why this does not work: In _tl_authenticate() we loop until timeout or a message is received.
This message is supposed to be sent by _on_sock_dtls_evt() which is the event callback for the DTLS socket. That callback is executed by event_loop(&_queue) in the GCoAP thread - the same event loop that handles the proxied request.

That means the event handler will never¹ be executed as _tl_authenticate() is blocking the event handler, we'd either need an async version of the DTLS handshake or move the proxy request to a separate thread.

[1] it will be executed after the timeout, but then it's too late

@miri64
Copy link
Member Author

miri64 commented Mar 4, 2024

Yes, that exactly the conclusion I came to in July according to my comment.

@mariemC mariemC mentioned this pull request Mar 11, 2024
Merged
@miri64 miri64 mentioned this pull request May 15, 2024
Merged
@miri64 miri64 force-pushed the gcoap_forward_proxy/enh/coaps-support branch from def4718 to 78154e3 Compare May 15, 2024 13:19
@github-actions github-actions bot removed the Area: examples Area: Example Applications label May 15, 2024
@miri64
Copy link
Member Author

miri64 commented May 15, 2024

With #20454 and #20554 now merged, this should be much easier to get running. Rebased and adopted to current master.

I only compile-tested so far, if you want to merge, please test functionality rigorously.

Nevertheless, I think this can get out of draft state now.

@miri64 miri64 marked this pull request as ready for review May 15, 2024 13:21
benpicco
benpicco reviewed May 15, 2024
View reviewed changes
sys/include/net/coap.h Outdated Show resolved Hide resolved
@benpicco benpicco requested a review from fabian18 May 15, 2024 13:26
@benpicco
Copy link
Contributor

@mariemC want to give this a try?

@benpicco benpicco added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label May 15, 2024
@miri64 miri64 force-pushed the gcoap_forward_proxy/enh/coaps-support branch from 562f347 to 8181e26 Compare May 15, 2024 13:35
@miri64
Copy link
Member Author

miri64 commented May 15, 2024

Just noticed that I forgot about the new dependency to gcoap_forward_proxy_thread. I added that in the last slew of force pushes.

@riot-ci
Copy link

riot-ci commented May 15, 2024

Murdock results

✔️ PASSED

8181e26 fixup! coap/gcoap: unify CoAP ports

Success Failures Total Runtime
10104 0 10105 12m:45s

Artifacts

fabian18
fabian18 reviewed May 29, 2024
View reviewed changes
sys/net/application_layer/gcoap/forward_proxy.c
}
memcpy(&remote->addr.ipv6[0], &addr.u8[0], sizeof(addr.u8));

if (urip->port != 0) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you removed this by accident. Only when no port is specified make and assumption based on the scheme.

sys/net/application_layer/gcoap/forward_proxy.c
@@ -419,11 +424,13 @@ static int _gcoap_forward_proxy_via_coap(coap_pkt_t *client_pkt,
client_ep_t *client_ep,
uri_parser_result_t *urip)
{
sock_udp_ep_t origin_server_ep;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The server endpoint is now stored in client_ep_t::server_ep, so it can be forwarded to the proxy thread.

@fabian18
Copy link
Contributor

We need to add DTLS capability to the gcoap example client, don`t we?

@miri64
Copy link
Member Author

miri64 commented May 31, 2024

We need to add DTLS capability to the gcoap example client, don`t we?

examples/gcoap_dlts should already suplly that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benpicco benpicco benpicco left review comments

@fabian18 fabian18 fabian18 left review comments

@janosbrodbeck janosbrodbeck Awaiting requested review from janosbrodbeck

@PeterKietzmann PeterKietzmann Awaiting requested review from PeterKietzmann PeterKietzmann is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Area: CoAP Area: Constrained Application Protocol implementations Area: network Area: Networking Area: sys Area: System CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Type: enhancement The issue suggests enhanceable parts / The PR enhances parts of the codebase / documentation
Projects
COAP
To do
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@miri64 @benpicco @riot-ci @fabian18