|
| QDtlsClientVerifier (QObject *parent=nullptr) |
|
| ~QDtlsClientVerifier () |
|
bool | setCookieGeneratorParameters (const GeneratorParameters &params) |
|
GeneratorParameters | cookieGeneratorParameters () const |
|
bool | verifyClient (QUdpSocket *socket, const QByteArray &dgram, const QHostAddress &address, quint16 port) |
|
QByteArray | verifiedHello () const |
|
QDtlsError | dtlsError () const |
|
QString | dtlsErrorString () const |
|
Q_INVOKABLE | QObject (QObject *parent=nullptr) |
|
virtual | ~QObject () |
|
virtual bool | event (QEvent *event) |
|
virtual bool | eventFilter (QObject *watched, QEvent *event) |
|
QString | objectName () const |
|
void | setObjectName (const QString &name) |
|
QBindable< QString > | bindableObjectName () |
|
bool | isWidgetType () const |
|
bool | isWindowType () const |
|
bool | signalsBlocked () const noexcept |
|
bool | blockSignals (bool b) noexcept |
|
QThread * | thread () const |
|
void | moveToThread (QThread *thread) |
|
int | startTimer (int interval, Qt::TimerType timerType=Qt::CoarseTimer) |
|
void | killTimer (int id) |
|
template<typename T > |
T | findChild (const QString &aName=QString(), Qt::FindChildOptions options=Qt::FindChildrenRecursively) const |
|
template<typename T > |
QList< T > | findChildren (const QString &aName, Qt::FindChildOptions options=Qt::FindChildrenRecursively) const |
|
template<typename T > |
QList< T > | findChildren (Qt::FindChildOptions options=Qt::FindChildrenRecursively) const |
|
const QObjectList & | children () const |
|
void | setParent (QObject *parent) |
|
void | installEventFilter (QObject *filterObj) |
|
void | removeEventFilter (QObject *obj) |
|
QMetaObject::Connection | connect (const QObject *sender, const char *signal, const char *member, Qt::ConnectionType type=Qt::AutoConnection) const |
|
bool | disconnect (const char *signal=nullptr, const QObject *receiver=nullptr, const char *member=nullptr) const |
|
bool | disconnect (const QObject *receiver, const char *member=nullptr) const |
|
void | dumpObjectTree () const |
|
void | dumpObjectInfo () const |
|
bool | setProperty (const char *name, const QVariant &value) |
|
QVariant | property (const char *name) const |
|
QList< QByteArray > | dynamicPropertyNames () const |
|
QBindingStorage * | bindingStorage () |
|
const QBindingStorage * | bindingStorage () const |
|
QObject * | parent () const |
|
bool | inherits (const char *classname) const |
|
|
void | deleteLater () |
|
void | destroyed (QObject *=nullptr) |
|
void | objectNameChanged (const QString &objectName, QPrivateSignal) |
|
static QMetaObject::Connection | connect (const QObject *sender, const char *signal, const QObject *receiver, const char *member, Qt::ConnectionType=Qt::AutoConnection) |
|
static QMetaObject::Connection | connect (const QObject *sender, const QMetaMethod &signal, const QObject *receiver, const QMetaMethod &method, Qt::ConnectionType type=Qt::AutoConnection) |
|
template<typename Func1 , typename Func2 > |
static QMetaObject::Connection | connect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, const typename QtPrivate::FunctionPointer< Func2 >::Object *receiver, Func2 slot, Qt::ConnectionType type=Qt::AutoConnection) |
|
static QMetaObject::Connection ::type | connect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, Func2 slot) |
|
static QMetaObject::Connection ::type | connect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, const QObject *context, Func2 slot, Qt::ConnectionType type=Qt::AutoConnection) |
|
template<typename Func1 , typename Func2 > |
static std::enable_if< QtPrivate::FunctionPointer< Func2 >::ArgumentCount==-1 &&!std::is_convertible_v< Func2, const char * >, QMetaObject::Connection >::type | connect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, Func2 slot) |
|
template<typename Func1 , typename Func2 > |
static std::enable_if< QtPrivate::FunctionPointer< Func2 >::ArgumentCount==-1 &&!std::is_convertible_v< Func2, const char * >, QMetaObject::Connection >::type | connect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, const QObject *context, Func2 slot, Qt::ConnectionType type=Qt::AutoConnection) |
|
static bool | disconnect (const QObject *sender, const char *signal, const QObject *receiver, const char *member) |
|
static bool | disconnect (const QObject *sender, const QMetaMethod &signal, const QObject *receiver, const QMetaMethod &member) |
|
static bool | disconnect (const QMetaObject::Connection &) |
|
template<typename Func1 , typename Func2 > |
static bool | disconnect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, const typename QtPrivate::FunctionPointer< Func2 >::Object *receiver, Func2 slot) |
|
template<typename Func1 > |
static bool | disconnect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, const QObject *receiver, void **zero) |
|
QObject * | sender () const |
|
int | senderSignalIndex () const |
|
int | receivers (const char *signal) const |
|
bool | isSignalConnected (const QMetaMethod &signal) const |
|
virtual void | timerEvent (QTimerEvent *event) |
|
virtual void | childEvent (QChildEvent *event) |
|
virtual void | customEvent (QEvent *event) |
|
virtual void | connectNotify (const QMetaMethod &signal) |
|
virtual void | disconnectNotify (const QMetaMethod &signal) |
|
| QObject (QObjectPrivate &dd, QObject *parent=nullptr) |
|
QScopedPointer< QObjectData > | d_ptr |
|
QString | objectName |
| the name of this object
|
|
template< class T > T | qobject_cast (const QObject *object) |
|
template< typename T > T | qFindChildqFindChildren (const QObject *obj, const QString &name)() |
|
template< typename T > QList< T > | qFindChildrenqFindChildren (const QObject *obj, const QString &name)() |
|
| QObjectList |
|
This class implements server-side DTLS cookie generation and verification.
- Since
- 5.12
\inmodule QtNetwork
The QDtlsClientVerifier class implements server-side DTLS cookie generation and verification. Datagram security protocols are highly susceptible to a variety of Denial-of-Service attacks. According to \l {RFC 6347, section 4.2.1}, these are two of the more common types of attack:
\list
- An attacker transmits a series of handshake initiation requests, causing a server to allocate excessive resources and potentially perform expensive cryptographic operations.
- An attacker transmits a series of handshake initiation requests with a forged source of the victim, making the server act as an amplifier. Normally, the server would reply to the victim machine with a Certificate message, which can be quite large, thus flooding the victim machine with datagrams. \endlist
As a countermeasure to these attacks, \l {RFC 6347, section 4.2.1} proposes a stateless cookie technique that a server may deploy:
\list
- In response to the initial ClientHello message, the server sends a HelloVerifyRequest, which contains a cookie. This cookie is a cryptographic hash and is generated using the client's address, port number, and the server's secret (which is a cryptographically strong pseudo-random sequence of bytes).
- A reachable DTLS client is expected to reply with a new ClientHello message containing this cookie.
- When the server receives the ClientHello message with a cookie, it generates a new cookie as described above. This new cookie is compared to the one found in the ClientHello message.
- If the cookies are equal, the client is considered to be real, and the server can continue with the TLS handshake procedure. \endlist
- Note
- A DTLS server is not required to use DTLS cookies.
QDtlsClientVerifier is designed to work together with QUdpSocket, as shown in the following code excerpt:
QDtlsClientVerifier does not impose any restrictions on how the application uses QUdpSocket. For example, it is possible to have a server with a single QUdpSocket in state QAbstractSocket::BoundState, handling multiple DTLS clients simultaneously:
\list
- Testing if new clients are real DTLS-capable clients.
- Completing TLS handshakes with the verified clients (see QDtls).
- Decrypting datagrams coming from the connected clients (see QDtls).
- Sending encrypted datagrams to the connected clients (see QDtls). \endlist
This implies that QDtlsClientVerifier does not read directly from a socket; instead, it expects the application to read an incoming datagram, extract the sender's address and port, and then pass this data to verifyClient(). To send a HelloVerifyRequest message, verifyClient() can write to the QUdpSocket.
- Note
- QDtlsClientVerifier does not take ownership of the QUdpSocket object.
By default, QDtlsClientVerifier obtains its secret from a cryptographically strong pseudo-random number generator.
- Note
- The default secret is shared by all objects of the classes QDtlsClientVerifier and QDtls. Since this can pose a security risk, RFC 6347 recommends changing the server's secret frequently. Please see \l {RFC 6347, section 4.2.1} for hints about possible server implementations. Cookie generator parameters can be set using the class QDtlsClientVerifier::GeneratorParameters and setCookieGeneratorParameters():
The \l{secureudpserver}{DTLS server} example illustrates how to use QDtlsClientVerifier in a server application.
- See also
- QUdpSocket, QAbstractSocket::BoundState, QDtls, verifyClient(), GeneratorParameters, setCookieGeneratorParameters(), cookieGeneratorParameters(), QDtls::setCookieGeneratorParameters(), QDtls::cookieGeneratorParameters(), QCryptographicHash::Algorithm, QDtlsError, dtlsError(), dtlsErrorString()
Definition at line 79 of file qdtls.h.