Properties for NDDS_Transport_DTLS_Property_t lists the properties that you can set for the Secure Transport.
Property Name (prefix with ‘dds.transport.DTLS.dtls1’)1 Assuming you used ‘dds.transport.DTLS.dtls1’ as the alias to load the plugin. If not, change the prefix to match the string used with dds.transport.load_plugins. This prefix must begin with 'dds.transport.' |
Property Value Description |
dds.transport.load_plugins |
Required Comma-separated strings indicating the prefix names of all plugins that will be loaded by Connext DDS. You will use this string as the prefix to the property names. For example: “dds.transport.DTLS.dtls1". (This assumes you used used ‘dds.transport.DTLS.dtls1’ as the alias to load the plugin. If not, change the prefix to match the string used with dds.transport.load_plugins.) This prefix must begin with 'dds.transport.' Note: you can load up to 8 plugins. |
library |
Only required if linking dynamically Must set to "libnddstransporttls.so" (for UNIX/Solaris) or "nddstransporttls.dll" (for Windows). This library and the dependent OpenSSL libraries must be in your library search path (pointed to by the environment variable LD_LIBRARY_PATH on UNIX/Solaris systems, Path on Windows systems, LIBPATH on AIX systems, DYLD_LIBRARY_PATH on Mac OS systems). |
create_function |
Only required if linking dynamically Must be "NDDS_Transport_DTLS_create" |
create_function_ptr |
Only required if linking statically Defines the function pointer to the DTLS Transport Plugin creation function. Used for loading the DTLS Transport plugin statically. Must be set to the NDDS_Transport_DTLS_create function pointer. |
aliases |
Used to register the transport plugin returned by NDDS_Transport_DTLS_create() (as specified by <DTLS_prefix>.create_function) to the DomainParticipant. Aliases should be specified as comma-separated strings, with each comma delimiting an alias. If it is not specified, the prefix—without the leading "dds.transport"—is used as the default alias for the plugin. For example, if the <TRANSPORT_PREFIX> is "dds.transport.mytransport", the default alias for the plugin is "mytransport". |
network_address |
The network address at which to register this transport plugin. The least significant transport_in.property.address_bit_count will be truncated. The remaining bits are the network address of the transport plugin. This value overwrites the value returned by the output parameter in NDDS_Transport_create_plugin function as specified in "<DTLS_prefix>.create_function". |
verbosity |
Specifies the verbosity of log messages from the transport. Possible values:
|
security_verbosity |
Specifies the verbosity of security related log messages from the transport. These are usually messages generated by OpenSSL. Possible values:
Default: If not set the value is inherited from the property verbosity |
parent.address_bit_count |
Number of bits in a 16-byte address that are used by the transport. Should be between 0 and 128. For example, for an address range of 0-255, the address_bit_count should be set to 8. |
parent.properties_bitmap |
A bitmap that defines various properties of the transport to the Connext DDS core. Currently, the only property supported is whether or not the transport plugin will always loan a buffer when Connext DDS tries to receive a message using the plugin. This is in support of a zero-copy interface. |
parent.gather_send_buffer_ |
Specifies the maximum number of buffers that Connext DDS can pass to the transport plugin’s send() function. |
The maximum size of a message in bytes that can be sent or received by the transport plugin. Maximum value: 16384. |
|
A list of strings, each identifying a range of interface addresses. Interfaces must be specified as comma-separated strings, with each comma delimiting an interface. If the list is non-empty, this "white" list is applied before the parent.deny_interfaces list. You must manage the memory of the list. The memory may be freed after the DomainParticipant is enabled. |
|
A list of strings, each identifying a range of interface addresses. Interfaces should be specified as comma-separated strings, with each comma delimiting an interface. This "black" list is applied after the parent.allow_interfaces list and filters out the interfaces that should not be used. You must manage the memory of the list. The memory may be freed after the DomainParticipant is enabled. |
|
Disables detection of network interface changes. By default, network interfaces changes are propagated in the form of locators to other applications. This is done to support IP mobility scenarios. For example, you could start a application with Wi-Fi and move to a wired connection. In order to continue communicating with other applications this interface change must be propagated. In 5.0 and earlier versions of the product, IP mobility scenarios were not supported. Applications using 5.2 will report errors if they detect locator changes in a DataWriter or DataReader. You can disable the notification and propagation of interface changes by setting this property to 1. This way, an interface change in a newer application will not trigger errors in an application running 5.2 GAR or earlier. Of course, this will prevent the new application from been able to detect network interface changes. |
|
Specifies the period in milliseconds to query for changes in the state of all the interfaces. When possible, the detection of an IP address changes is done asynchronously using the APIs offered by the underlying OS. If there is no mechanism to do that, the detection will use a polling strategy where the polling period can be configured by setting this property. |
|
send_socket_buffer_size |
Size in bytes of the send buffer of a socket used for sending. |
recv_socket_buffer_size |
Size in bytes of the receive buffer of a socket used for sending. |
ignore_loopback_interface |
Prevents the Transport Plugin from using the IP loopback interface. |
ignore_nonrunning_interfaces |
Prevents the transport plugin from using a network interface that is not reported as RUNNING by the operating system. The transport checks the flags reported by the operating system for each network interface upon initialization. An interface which is not reported as UP will not be used. This property allows the same check to be extended to the IFF_RUNNING flag implemented by some operating systems. The RUNNING flag is defined to mean that "all resources are allocated", and may be off if there is no link detected, e.g., the network cable is unplugged. Two values are allowed:
|
transport_priority_mask |
Mask for use of transport priority field. |
transport_priority_mapping_low |
Low and high values of output range to IPv4 TOS. |
transport_priority_mapping_high |
|
recv_decode_buffer_size |
Size of buffer for decoding packets from wire. An extra buffer is required for storage of encrypted data. The minimum value for this property is parent.message_size_max. |
port_offset |
Port offset to allow coexistence with non-secure UDP transport. |
dtls_handshake_resend_interval |
DTLS handshake retransmission interval in milliseconds |
dtls_connection_liveliness_ |
Liveliness interval (multiple of resend interval) The connection will be dropped if no message from the peer is received in this amount of time. This enables cleaning up state for peers that are no longer responding. A secure keep-alive message will be sent every half-interval if no other sends have occurred for a given DTLS connection during that time. Default: 60 ms |
A string that specifies the name of file containing Certificate Authority certificates. File should be in PEM format. See the OpenSSL manual page for SSL_load_verify_locations for more information. tls.verify.ca_file or tls.verify.ca_path must be specified; both may be specified. |
|
A string that specifies paths to directories containing Certificate Authority certificates. Files should be in PEM format, and follow the OpenSSL-required naming conventions. See the OpenSSL manual page for SSL_CTX_load_verify_locations for more information. tls.verify.ca_file or tls.verify.ca_path must be specified; both may be specified. |
|
tls.verify.verify_depth |
Maximum certificate chain length for verification. |
tls.verify.verify_peer |
If non-zero, use mutual authentication when performing TLS hand- shake (default). If zero, only the reader side will present a certificate, which will be verified by the writer side. |
tls.verify.callback |
This can be set to one of three values:
|
tls.cipher.cipher_list |
List of available (D)TLS ciphers. See the OpenSSL manual page for SSL_set_cipher_list for more information on the format of this string. |
tls.cipher.dh_param_files |
List of available Diffie-Hellman (DH) key files. For example: "foo.h:2048,bar.h:1024" means: dh_param_files[0].file = foo.pem, dh_param_files[0].bits = 2048, dh_param_files[1].file = bar.pem, dh_param_files[1].bits = 1024 |
tls.cipher.engine_id |
String ID of OpenSSL cipher engine to request. |
tls.identity.certificate_chain_file |
Required A string that specifies the name of a file containing an identifying certificate chain (in PEM format). An identifying certificate is required for secure communication. The file must be sorted starting with the certificate to the highest level (root CA). If no private key is specified, this file will be used to load a non-RSA private key. |
tls.identity.private_key_password |
A string that specifies the password for private key. |
tls.identity.private_key_file |
A string that specifies that name of a file containing private key (in PEM format). If no private key is specified (all values are NULL), this value will default to the same file as the specified certificate chain file. |
tls.identity.rsa_private_key_file |
A string that specifies that name of a file containing an RSA private key (in PEM format). |
© 2018 RTI