ddn.net.dtls.peer

DTLS peer state management.

Provides data structures and functions for managing the state of DTLS peer connections, including flight retransmission, epoch tracking, and activity timeout detection.

A DTLS server may communicate with many peers over a single UDP socket. Each peer maintains independent state tracked by DtlsPeerState. Once the handshake completes, a DtlsPeer object provides the public API for reading and writing encrypted application data.

var DTLS_INITIAL_TIMEOUT DTLS_MAX_RETRIES DTLS_MAX_TIMEOUT

alias MonotonicTime

struct DtlsFlight

class DtlsPeerState NativeDtlsPeer

fn computeRetransmitTimeout shouldRetransmit

Types 4

aliasMonotonicTime = MonoTime

Alias for monotonic time representation.

Uses core.time.MonoTime for monotonic clock readings that are immune to system clock adjustments.

structDtlsFlight

A flight of DTLS handshake messages.

DTLS retransmits entire flights, not individual messages. A flight contains all the handshake messages that should be sent together as a unit. If a response is not received within the timeout period, the entire flight is retransmitted.

See RFC 6347 §4.2.4 for flight definition and retransmission rules.

Fields

ubyte[][] recordsSerialized DTLS records to (re)send.

DatagramEndpoint peerDestination address for this flight.

MonotonicTime sentAtTimestamp when the flight was last sent.

int retryCountNumber of retransmissions so far.

classDtlsPeerState

Internal state for a DTLS peer connection.

A DTLS server may communicate with many peers on a single UDP socket. Each peer has independent state tracked here, including sequence numbers, replay protection, fragment reassembly, and timeout tracking.

Fields

DatagramEndpoint addressThe peer's network address.

ushort epochCurrent DTLS epoch.

ulong sendSequenceNext outgoing sequence number (48-bit).

ulong expectedSequenceNext expected incoming sequence number.

DtlsReplayWindow replayWindowAnti-replay window for the current epoch.

DtlsFragmentBuffer reassemblyFragment reassembly buffer.

DtlsFlight * pendingFlightCurrent flight awaiting response.

MonotonicTime lastActivityTimestamp of last received data from this peer.

MonotonicTime handshakeStartedTimestamp when the handshake began.

bool connectedWhether the handshake has completed.

bool shutdownInitiatedWhether we have initiated shutdown by sending close_notify.

bool receivedCloseNotifyWhether we have received a close_notify from the peer.

DtlsVersion negotiatedVersionThe negotiated DTLS version.

string cipherSuite_The negotiated cipher suite name.

string alpnProtocol_The negotiated ALPN protocol.

TlsCertificateChain peerCertsThe peer's certificate chain.

Dtls12ClientPhase clientPhaseThe current client handshake phase (DTLS 1.2 client).

Dtls12Client client12_DTLS 1.2 client handshake engine (client mode).

Dtls13Client client13_DTLS 1.3 client handshake engine (client mode).

Dtls12Server server12_DTLS 1.2 server handshake engine (server mode, per peer).

Dtls13Server server13_DTLS 1.3 server handshake engine (server mode, per peer).

ubyte[][] appDataQueue_Queue of decrypted application data fragments.

SrtpProfile negotiatedSrtpProfile_Negotiated SRTP profile (DTLS-SRTP, RFC 5764).

SrtpKeyingMaterial srtpKeyingMaterial_SRTP keying material (populated after DTLS-SRTP handshake).

ubyte[] masterSecret_DTLS master secret (stored for SRTP key derivation).

ubyte[] clientRandom_Client random from handshake (stored for SRTP key derivation).

ubyte[] serverRandom_Server random from handshake (stored for SRTP key derivation).

DtlsConnectionId localCid_Local Connection ID (our CID, used by peer to address us).

DtlsConnectionId peerCid_Peer Connection ID (their CID, used by us to address them).

bool cidNegotiated_Whether CID was negotiated for this peer.

256 MAX_APP_DATA_QUEUE_ENTRIESEnqueue decrypted application data for later reading.

Methods

TlsAead writeAead() @propertyGet the write AEAD for this peer.

TlsAead readAead() @propertyGet the read AEAD for this peer.

bool isDtls12() @property const @safe pure nothrow @nogcWhether this peer uses DTLS 1.2 (explicit nonce) encryption.

void enqueueAppData(ubyte[] data) @safe

size_t dequeueAppData(ubyte[] buffer) @safeDequeue decrypted application data into the provided buffer.

bool hasAppData() @property const @safe pure nothrow @nogcWhether there is buffered application data available to read.

void advanceEpoch() @safe pure nothrow @nogcAdvance to the next epoch.

void recordActivity() @safe nothrow @nogcRecord activity from this peer.

bool isHandshakeTimedOut(Duration timeout) const @safe nothrow @nogcCheck if the handshake has timed out.

bool isIdle(Duration timeout) const @safe nothrow @nogcCheck if the peer connection is idle.

ulong nextSendSequence() @safe pure nothrow @nogcConsume the next send sequence number.

Constructors

this(DatagramEndpoint addr)Constructs a new peer state.

classNativeDtlsPeer : DtlsPeer

Represents an established DTLS connection to a single peer.

This class provides the public interface for reading and writing encrypted application data to a DTLS peer. It implements the ddn.api.net.dtls.DtlsPeer interface and is returned by the DTLS engine after the handshake completes.

All read/write operations are non-blocking and return TlsResult or TlsProgress to indicate I/O status.

Fields

private DtlsPeerState state_

private NativeDtlsEngine engine_

Methods

TlsResult read(ubyte[] buffer)Read decrypted application data from this peer.

TlsResult write(const(ubyte)[] data)Write application data to be encrypted and sent.

TlsProgress shutdown()Graceful shutdown (send close_notify).

DatagramEndpoint address() @property const @safe pure nothrow @nogcThe peer's network address.

DtlsVersion negotiatedVersion() @property constThe negotiated DTLS version.

string cipherSuite() @property constThe negotiated cipher suite name.

string alpnProtocol() @property constThe negotiated ALPN protocol.

bool isConnected() @property constWhether the handshake is complete.

TlsCertificateChain peerCertificates() @propertyReturns the peer's certificate chain.

DtlsPeerState state() @property @safe pure nothrow @nogcAccess to the underlying peer state.

DtlsConnectionId connectionId() @property

void requestNewConnectionId()

TlsResult writeEarlyData(const(ubyte)[] data)

bool usedEarlyData() @property

SrtpProfile negotiatedSrtpProfile() @property

SrtpKeyingMaterial exportSrtpKeyingMaterial()

Constructors

this(DtlsPeerState state, NativeDtlsEngine engine)Constructs a DtlsPeer.

Functions 2

fnbool shouldRetransmit(const(DtlsFlight) * flight, MonotonicTime now) @safe pure nothrow @nogcCheck if a flight needs retransmission.

fnDuration computeRetransmitTimeout(int retryCount) @safe pure nothrow @nogcCompute retransmit timeout with exponential backoff.

Variables 3

enumvarDTLS_INITIAL_TIMEOUT = dur!"seconds"(1)

Initial retransmission timeout for DTLS flights.

Per RFC 6347 §4.2.4.1, the initial timeout is 1 second.

enumvarDTLS_MAX_TIMEOUT = dur!"seconds"(60)

Maximum retransmission timeout for DTLS flights.

The timeout doubles with each retry but is capped at this value.

enumvarDTLS_MAX_RETRIES = 6

Maximum number of retransmission attempts before giving up.