我遇到 DTLS 握手数据包大于 1500 字节的问题,我进行分段以确保它小于 1500 字节。碎片是按照 RFC 规定的。现在,当我检查捕获的 pcap 时,在收到完整的数据包时进行分段和重组。但是,当我提供碎片化的数据包时,DTLS SSL_connect 起作用。这里的问题是,我应该重建完整的数据包并将其交给 SSL_connect 函数吗?
最佳答案
当我读到the current(?) draft :
3.1.2. Message Size TLS and DTLS handshake messages can be quite large (in theory up to 2^24-1 bytes, in practice many kilobytes). By contrast, UDP datagrams are often limited to less than 1500 bytes if IP fragmentation is not desired. In order to compensate for this limitation, each DTLS handshake message may be fragmented over several DTLS records, each of which is intended to fit in a single IP datagram. Each DTLS handshake message contains both a fragment offset and a fragment length. Thus, a recipient in possession of all bytes of a handshake message can reassemble the original unfragmented message.
关于ssl - openssl DTLS 1.0.2k 是否接受碎片输入并重新组装碎片数据包?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57032853/