Implementing DTLS on application that handles own networking

Hi all,

I’m currently working on DTLS support for this application: GitHub - BroadbandForum/obudpst: OB-UDPST is a client/server utility to do UDP-based IP capacity measurements (see TR-471 for details). It handles its own asynchronous networking via epoll and a list of interested file descriptors, executing per-connection defined callbacks when data is waiting on one of them.

My current approach is to pass execution flow, when a ready fd is flagged by epoll_wait, into a couple of functions heavily based on your provided DTLS server/client examples. This approach seems insufficient for a number of reasons, but largely because handling two separate I/O buffers introduces a large overhead and a whole host of socket-related bugs.

One alternative approach seems to be to define custom read/write/timeout functions via mbedtls_ssl_set_bio that read/write from the application’s I/O buffers for encryption and decryption, using mbedtls_ssl_write / mbedtls_ssl_read rather than recvfrom/sendto in the application’s udpst_data.c recv_proc / send_proc functions.

It would be much appreciated if anyone was able to provide some guidance or advice regarding this approach or alternatives in any form!

Thanks,
Jesse
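An added sketch in C of the BIO-callback approach the post proposes (not code from the post or from OB-UDPST): Mbed TLS is handed whole datagrams from application-owned queues through mbedtls_ssl_set_bio, and the callbacks never block. The struct app_bio ring and its functions are hypothetical; the two MBEDTLS_ERR_SSL_* values are the real ones from mbedtls/ssl.h, defined locally here so the sketch builds without the library.

```c
#include <string.h>

/* Mirrors of the Mbed TLS return codes a BIO callback must use (values as in mbedtls/ssl.h). */
#define MBEDTLS_ERR_SSL_WANT_READ  (-0x6900)
#define MBEDTLS_ERR_SSL_WANT_WRITE (-0x6880)
/* Hypothetical application-side datagram ring: one slot holds one whole UDP payload, never a
 * byte stream, because a DTLS record must be delivered in the datagram it was sent in. */
#define APP_SLOTS      4
#define APP_SLOT_BYTES 1500
struct app_dgram_queue {
    unsigned char data[APP_SLOTS][APP_SLOT_BYTES];
    size_t len[APP_SLOTS];
    int head, count;
};
/* One context for mbedtls_ssl_set_bio: recv_proc fills `in` after recvfrom(), send_proc
 * drains `out` with sendto(). */
struct app_bio { struct app_dgram_queue in, out; };
/* Enqueue one datagram. Returns 0, or -1 when the ring is full or the payload oversized. */
int app_queue_push(struct app_dgram_queue *q, const unsigned char *buf, size_t len) {
    if (q->count == APP_SLOTS || len > APP_SLOT_BYTES) return -1;
    int tail = (q->head + q->count) % APP_SLOTS;
    memcpy(q->data[tail], buf, len);
    q->len[tail] = len;
    q->count++;
    return 0;
}
/* Dequeue one datagram into buf: its length, 0 if the ring is empty, -1 if buf is too small
 * (the datagram is discarded in that case, just as a kernel UDP socket would truncate it). */
int app_queue_pop(struct app_dgram_queue *q, unsigned char *buf, size_t len) {
    if (q->count == 0) return 0;
    int idx = q->head;
    q->head = (q->head + 1) % APP_SLOTS;
    q->count--;
    if (q->len[idx] > len) return -1;
    memcpy(buf, q->data[idx], q->len[idx]);
    return (int)q->len[idx];
}
/* mbedtls_ssl_recv_t shape. Must never block: with nothing queued return WANT_READ so the
 * epoll loop can call mbedtls_ssl_handshake()/mbedtls_ssl_read() again when data arrives. */
int app_bio_recv(void *ctx, unsigned char *buf, size_t len) {
    int n = app_queue_pop(&((struct app_bio *)ctx)->in, buf, len);
    return n > 0 ? n : MBEDTLS_ERR_SSL_WANT_READ; /* empty, or dropped as oversized */
}
/* mbedtls_ssl_send_t shape: queue the record for send_proc; WANT_WRITE makes Mbed TLS retry. */
int app_bio_send(void *ctx, const unsigned char *buf, size_t len) {
    if (app_queue_push(&((struct app_bio *)ctx)->out, buf, len) != 0)
        return MBEDTLS_ERR_SSL_WANT_WRITE;
    return (int)len;
}
```

With non-blocking callbacks like these, the f_recv_timeout argument of mbedtls_ssl_set_bio stays NULL, and DTLS retransmission timing comes from mbedtls_ssl_set_timer_cb, whose expiry the epoll loop must also poll so a lost flight is resent.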