ddn.net.dtls.connectionid

DTLS 1.3 Connection ID management (RFC 9147 §5.6).

Connection ID allows DTLS 1.3 peers to be identified by an opaque identifier rather than the 4-tuple (source/dest IP+port). This enables connection survival across NAT rebinding, mobile roaming, and multi-path changes.

Wire format changes with CID:

Without CID (current):
 [ContentType 1] [Version 2] [Epoch 2] [SeqNum 6] [Length 2] [Payload N]

With CID:
 [ContentType 1] [Epoch 2] [SeqNum 6] [CID_Length 1] [CID 0-255]
 [Length 2] [Payload N]

Note

When CID is used, the 2-byte Version field is removed from the

record header and the CID fields are inserted after the sequence number.

struct CidRecordHeader DtlsCidState

class DtlsCidManager

fn buildCidExtension buildCidRecordHeader parseCidExtension parseCidRecordHeader

Types 3

structDtlsCidState

Per-peer Connection ID state.

Tracks both the local CID (what the peer uses to address us) and the remote CID (what we use to address the peer).

Fields

DtlsConnectionId localCid

DtlsConnectionId remoteCid

bool localCidRequested

bool remoteCidRequested

bool negotiated

classDtlsCidManager

Connection ID manager for DTLS 1.3.

Handles CID generation, negotiation, and lookup. The manager maintains a mapping from CID to peer address for incoming record demultiplexing.

Fields

bool enabled_

ubyte localCidLength_

SecureRandom rng_

DtlsCidState[DatagramEndpoint] peerStates_

DatagramEndpoint[DtlsConnectionId] cidLookup_

Methods

bool enabled() @property const @safe pure nothrow @nogcReturns: true if CID support is enabled.

ubyte localCidLength() @property const @safe pure nothrow @nogcReturns: the configured local CID length.

DtlsConnectionId generateCid(ubyte length)Generates a new random CID for local use.

DtlsCidState initPeer(DatagramEndpoint peer)Initializes CID state for a new peer.

void setRemoteCid(DatagramEndpoint peer, DtlsConnectionId remoteCid)Sets the remote CID for a peer (received during handshake).

DatagramEndpoint lookupByCid(DtlsConnectionId cid)Looks up a peer by CID.

DtlsCidState * getCidState(DatagramEndpoint peer)Returns the CID state for a peer.

void removePeer(DatagramEndpoint peer)Removes a peer's CID state.

DtlsConnectionId rotateLocalCid(DatagramEndpoint peer)Rotates the local CID for a peer.

void migratePeer(DatagramEndpoint oldAddr, DatagramEndpoint newAddr)Handles a peer address change (migration).

Constructors

this(SecureRandom rng, ubyte cidLength = DtlsCidConstants.DEFAULT_CID_LENGTH)Constructs a CID manager.

structCidRecordHeader

Parsed result of a CID-aware record header.

Fields

ubyte contentType

ushort epoch

ulong seqNum

DtlsConnectionId cid

ushort payloadLength

size_t headerSize

bool valid

Functions 4

fnCidRecordHeader parseCidRecordHeader(const(ubyte)[] data, ubyte expectedCidLen)Parses a DTLS 1.3 record header with optional CID.

ubyte[] buildCidRecordHeader(ubyte  contentType,  ushort  epoch,  ulong  seqNum,
       DtlsConnectionId cid,  ushort  payloadLen)

Builds a DTLS 1.3 record header with optional CID.

fnubyte[] buildCidExtension(DtlsConnectionId cid, ubyte localCidLength = 0)Builds the `connection_id` extension body for ClientHello/ServerHello.

fnDtlsConnectionId parseCidExtension(const(ubyte)[] data)Parses the `connection_id` extension body.