RTI Secure WAN Transport

Core Libraries and Utilities

Release Notes

Version 5.0.0

© 2012 Real-Time Innovations, Inc.

All rights reserved.

Printed in U.S.A. First printing.

August 2012.

Trademarks

Real-Time Innovations, RTI, and Connext are trademarks or registered trademarks of Real-Time Innovations, Inc. All other trademarks used in this document are the property of their respective owners.

Copy and Use Restrictions

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form (including electronic, mechanical, photocopy, and facsimile) without the prior written permission of Real-Time Innovations, Inc. The software described in this document is furnished under and subject to the RTI software license agreement. The software may be used or copied only under the terms of the license agreement.

Technical Support

Real-Time Innovations, Inc.

232 E. Java Drive

Sunnyvale, CA 94089

Phone: (408) 990-7444

Email: support@rti.com

Website: https://support.rti.com/

1 Compatibility

RTI® Secure WAN Transport is an optional product for use with RTI Connext™ (formerly, RTI Data Distribution Service).

This release is supported on the architectures listed in Table 1.1.

Table 1.1 Supported Architectures for RTI Secure WAN Transport

Operating System                                          Compiler                           RTI Architecture Abbreviation
--------------------------------------------------------  ---------------------------------  -----------------------------
Linux®     Red Hat Enterprise Linux 5.0 (2.6 kernel)      gcc 4.1.1                          i86Linux2.6gcc4.1.1
           Ubuntu® Server 10.04                           gcc 4.4.3                          i86Linux2.6gcc4.4.3
                                                          gcc 4.4.3                          x64Linux2.6gcc4.4.3
           Wind River Linux 4                             gcc 4.4.1                          x64WRLinux2.6gcc4.4.1
QNX        QNX Neutrino 6.5                               qcc 4.4.2 with GNU C++ libraries   i86QNX6.5qcc_gpp4.4.2
Solaris™   Solaris 10                                     gcc3.4.2                           sparcSol2.10gcc3.4.2
Windows®   Windows 2003                                   Visual Studio 2005 SP 1            i86Win32VS2005
           Windows Vista®
           Windows XP Professional

2 What’s New in Release 5.0.0

This release provides compatibility with Connext 5.0.0.

This release requires OpenSSL 0.9.8x.

QNX Neutrino 6.5 and Wind River Linux 4 platforms are now supported.

Windows 2000 platforms are no longer supported.

3 Available Documentation

The following documentation is provided with the Connext distribution. (The paths show where the files are located after Connext has been installed in <NDDSHOME>.)

Secure WAN Transport Installation Guide

(<NDDSHOME>/doc/pdf/RTI_Secure_WAN_InstallationGuide.pdf, also available for download from RTI’s Customer Portal.)

RTI Core Libraries and Utilities User’s Manual (<NDDSHOME>/doc/pdf/RTI_CoreLibrariesAndUtilities_UsersManual.pdf)

Online (HTML) documentation:

Open <NDDSHOME>/ReadMe.html, then select Secure WAN Transport.

Example code: <NDDSHOME>/example/<language>/helloWorldWAN.

The API Reference Manual, RTI_Secure_WAN_Transport_API.pdf. This is the same as the Online API HTML documentation listed above, except in PDF format.

4 Known Issues

When communicating over some networks, the WAN and Secure Transport plug-ins may fail to send data larger than the MTU (maximum transmission unit) size available for the network. This is especially likely over wide-area networks. This scenario is also a suggested configuration of the DTLS protocol, according to the DTLS specification, which is IETF RFC 4347.

If problems occur while sending large packets, set the maximum_message_size transport property to the MTU of your network minus 28 bytes for the DTLS header and set up your application according to the Large Data Use Cases “How To” provided in the online (HTML) documentation. For example, for an MTU size of 1500 bytes (for standard Ethernet), set maximum_message_size to 1500 - 28 = 1472.

One instance of this problem for which there is no workaround is the case where the discovery packets are larger than your network’s MTU. This could occur if user data, propagated properties, or type-codes are configured.

An application using the WAN transport may appear to hang for several minutes if the WAN server is shut down and not restarted before the application tries to contact it, or if the application is unable to communicate with the WAN server.

Two scenarios under which the application tries to contact the STUN server are during shut down and while establishing a connection with the initial peers.

This issue is due to a sequence of synchronous STUN transactions with the STUN server. If you need to run WAN transport without a STUN server, here are some recommendations:

Decrease the blocking time by decreasing the number of STUN retransmissions. To do so, change the stun_number_of_retransmissions property. For example, a change from the default of 7 retries to 5 retries will result in a total period of 3.1 seconds per synchronous operation. Note, however, that this may impact the ability to reliably set up connections to peers over a WAN.

Decrease the blocking time by using a participant ID limit of zero when configuring the initial peer descriptors.

For example, when the peer descriptor wan://::1:10.10.1.150 is specified, DDS will try to contact five participants with the same WAN ID in different ports. Usually there is only one participant using the same WAN ID. Although the other four participants will never be reachable, the application still tries to establish communication with them by contacting the STUN server.

You can reduce the number of participants that the application will try to contact to one by using a participant ID limit of zero in the peer descriptor. For example, 0@wan://::1:10.10.1.150.

For additional information on peer descriptors see the Discovery chapter in the RTI Core Libraries and Utilities User’s Manual.

5 Third-Party Licenses

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment:

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
