[Babel-users] Reworked implementation of Babel-over-DTLS

Antonin Décimo antonin.decimo at gmail.com
Fri Mar 15 13:55:46 GMT 2019


Hello lists,

I’ve finally managed to rework my implementation of Babel-over-DTLS
(spoiler: it seems to be working).  Thanks to Juliusz for the help.
You can get the code by doing

    git clone -b dtls2 https://github.com/MisterDA/babeld

The code requires the mbedTLS library (version 2.16) [1].

The code is still heavily instrumented (lots of printfs…).  While this
code is not carefully tested, it is meant to eventually implement the
protocol described in

    https://tools.ietf.org/html/draft-ietf-babel-dtls

Known issues:

  - no interoperability testing has been done yet;
  - we don’t time out neighbours properly, which makes us vulnerable to
    delayed packets;
  - there is no user interface to provide certificates and keys; they
    are all hard-coded in the DTLS library.


It is unclear to me what the user interface to provide certificates and
private keys should look like, and whether we prefer CA certificates or
self-signed ones.  Perhaps the draft should be more specific about that.


You can test this code by saying something like:

    babeld -C 'interface eth0 unicast true dtls true'


The "unicast true" flag tells babeld to send all TLVs but Hello TLVs
over unicast, "dtls true" tells babeld to use DTLS on the selected
interface.  The "unicast" flag is required for Babel-over-DTLS to
operate as expected.  Use "dtls-protocol-port" to specify a port.  The
default port is hard-coded to 50000; a port number has been requested
from IANA.


[1]: https://tls.mbed.org/

--
Antonin Décimo


