How do I configure RTI Connext DDS to use the DTLS transport without WAN?

The simplest way to have RTI Connext DDS send encrypted UDP packets is to use the DTLS Transport plugin (also known as the Secure Transport), which comes with RTI Secure WAN Transport, but does not actually require WAN. In the Connext DDS 5.1.0 Core Libraries and Utilities User's Manual, Sections 24.4 and 25.4 discuss how to generate certificate files using OpenSSL and configure Connext DDS to use the Secure Transport. The shipped helloWorldWAN examples show how to configure RTI Secure WAN Transport to use DTLS. From the examples and documentation, you can figure out how to configure a non-WAN DDS application to use DTLS, but here is the XML configuration for your convenience:

<participant_qos>
 
  <transport_builtin>
    <mask>MASK_NONE</mask>
  </transport_builtin>
 
  <discovery>
    <multicast_receive_addresses/>
    <initial_peers>
      <element>127.0.0.1</element>
      <!-- Add IPv4 addresses of other peers in new elements. -->
    </initial_peers>   
  </discovery>  
 
  <property>
    <value>
      <element>
        <name>dds.transport.load_plugins</name>
        <value>dds.transport.DTLS.dtls1</value>
      </element>
      <element>
        <!-- Setting this property has no effect if linking statically and setting create_function_ptr. --> 
        <name>dds.transport.DTLS.dtls1.library</name>
        <value>nddstransporttls</value> <!-- Must be this value if linking dynamically. -->
      </element>
      <element> <!-- Only needed if linking dynamically. -->
        <name>dds.transport.DTLS.dtls1.create_function</name>
        <value>NDDS_Transport_DTLS_create</value>
      </element>
      <element>
        <name>dds.transport.DTLS.dtls1.tls.verify.ca_file</name>
        <value>cacert.pem</value> <!-- Use the same file for different Domain Participants. -->
      </element>
      <element>
        <name>dds.transport.DTLS.dtls1.tls.identity.certificate_chain_file</name>
        <value>peer1.pem</value> <!-- Use different files for different Domain Participants. -->
      </element> 
    </value>
  </property>
 
</participant_qos>

If linking statically, instead of setting create_function in XML, you must set create_function_ptr in code, as in this C example:

#include <stdio.h>  /* snprintf/sprintf for the pre-5.2.3 branch below */
#include "transport_tls/transport_tls_plugin.h"

#ifdef USING_VERSION_5_2_3_OR_ABOVE

DDS_PropertyQosPolicyHelper_assert_pointer_property(
    &participant_qos->property,
    "dds.transport.DTLS.dtls1.create_function_ptr",
    NDDS_Transport_DTLS_create);

#else

/* "%p" can print up to 18 characters on 64-bit platforms ("0x" plus 16 hex digits),
   so a 17-byte buffer overflows; size it generously and bound the write. */
char create_function_ptr[32];
snprintf(create_function_ptr, sizeof(create_function_ptr), "%p",
         (void *) NDDS_Transport_DTLS_create);
DDS_PropertyQosPolicyHelper_assert_property(
    &participant_qos->property,
    "dds.transport.DTLS.dtls1.create_function_ptr",
    create_function_ptr,
    DDS_BOOLEAN_FALSE);
 
#endif
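As an added example (not from this article or from RTI), a small Python checker that lints a participant_qos for the mistakes this article and its comments touch on: the builtin transport mask left enabled, a plugin prefix that does not begin with dds.transport., create_function used where a static link needs create_function_ptr, and a missing CA or identity file. SAMPLE_QOS is a constructed reduction of the XML above, and the static_link flag is an assumption of the checker, since the XML alone cannot tell how the application was linked.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the article's participant_qos reduced to the parts this checker inspects.
SAMPLE_QOS = """<participant_qos>
  <transport_builtin><mask>MASK_NONE</mask></transport_builtin>
  <property><value>
    <element><name>dds.transport.load_plugins</name><value>dds.transport.DTLS.dtls1</value></element>
    <element><name>dds.transport.DTLS.dtls1.library</name><value>nddstransporttls</value></element>
    <element><name>dds.transport.DTLS.dtls1.create_function</name><value>NDDS_Transport_DTLS_create</value></element>
    <element><name>dds.transport.DTLS.dtls1.tls.verify.ca_file</name><value>cacert.pem</value></element>
    <element><name>dds.transport.DTLS.dtls1.tls.identity.certificate_chain_file</name><value>peer1.pem</value></element>
  </value></property>
</participant_qos>"""

def transport_properties(root):
    """Flatten <property><value><element> pairs into a {name: value} dict."""
    return {(e.findtext("name") or "").strip(): (e.findtext("value") or "").strip()
            for e in root.findall("./property/value/element")}

def check_dtls_qos(xml_text, static_link=False):
    """Return a list of configuration problems; an empty list means the QoS is consistent."""
    root = ET.fromstring(xml_text)
    props = transport_properties(root)
    problems = []
    # With the builtin UDPv4 transport still enabled, data could also flow unencrypted.
    if root.findtext("./transport_builtin/mask", "").strip() != "MASK_NONE":
        problems.append("transport_builtin/mask must be MASK_NONE so only DTLS carries traffic")
    plugins = [p.strip() for p in props.get("dds.transport.load_plugins", "").split(",") if p.strip()]
    if not plugins:
        problems.append("dds.transport.load_plugins is not set")
    for prefix in plugins:
        # This is the condition behind the 'transport plugin prefix' error quoted in the comments.
        if not prefix.startswith("dds.transport."):
            problems.append(f"plugin prefix {prefix!r} must begin with 'dds.transport.'")
        if static_link:
            if prefix + ".create_function" in props:
                problems.append(f"{prefix}.create_function is ignored when linking statically; "
                                "set create_function_ptr in code instead")
        else:
            if ".DTLS." in prefix and props.get(prefix + ".library") != "nddstransporttls":
                problems.append(f"{prefix}.library must be nddstransporttls when linking dynamically")
            if prefix + ".create_function" not in props:
                problems.append(f"{prefix}.create_function is required when linking dynamically")
        for suffix in (".tls.verify.ca_file", ".tls.identity.certificate_chain_file"):
            if not props.get(prefix + suffix):
                problems.append(f"{prefix}{suffix} is not set; DTLS needs a CA file and an identity")
    return problems

print(check_dtls_qos(SAMPLE_QOS, static_link=True))
```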

 

Comments

Hi.  I am trying to link this statically with my own custom transport.  It works fine if I make a dynamic library.  But if I try to compile it in directly I get this problem.

I get the following error when I try to run though.

[D0000|CREATE Participant|D0000|ENABLE]DDS_DomainParticipantConfigurator_setup_custom_transports:!get transport plugin library from property. Check that your transport plugin prefix begins with "dds.transport."
[D0000|CREATE Participant|D0000|ENABLE]DDS_DomainParticipant_enableI:Automatic participant index failed to initialize. PLEASE VERIFY CONSISTENT TRANSPORT / DISCOVERY CONFIGURATION.
[D0000|CREATE Participant]DDS_DomainParticipantFactory_create_participant:ERROR: Failed to auto-enable entity
create_participant error

I am not specifying a library because there isn't one. But if I specify a library, then it complains it cannot find one.

Hi,

Are you sure you're using create_function_ptr instead of create_function? See the bottom of this article.

Yusheng

Ah, you read my problem exactly. I pasted that line from my QoS file and it was incorrect. Thank you.

Can I use DTLS transport with RTI DDS Micro 2.4.11?

Thanks,

Zhijun