I'm afraid this goes beyond my knowledge of TCP/IP and LWIP. I see a lot
of options in lwipopts.h, is there some kind of reference configuration
that works (but perhaps uses too much memory for your application)? If
you've modified some of the options, have you double-checked their
consistency?
Have you tried a TCP application that sends packets of several hundred
bytes? The stack might treat ICMP packets and TCP packets differently,
so testing with ICMP isn't conclusive.
Unrelated to your problem: in the Mbed TLS configuration, you can
probably reduce MBEDTLS_SSL_OUT_CONTENT_LEN and
MBEDTLS_SSL_IN_CONTENT_LEN to save RAM. MBEDTLS_SSL_OUT_CONTENT_LEN
usually needs to be only the size of the largest handshake message.
MBEDTLS_SSL_IN_CONTENT_LEN needs to be as large as the messages your
device receives: 16kB is necessary to be fully standard-compliant, but
most devices don't send such large messages.
--
Gilles Peskine
Mbed TLS developer
On 01/10/2021 12:08, Duygu D. wrote:
> Hello,
> Thank you for your reply.
> I am using stm32+lwip-altcp-mbedtls on my application.
> lwip takes care of the IP part if I send another IP-based packet
> (like ICMP) with different sizes. I didn't get the IPv4 packet
> length error.
> I only have this error when I used mbedtls.
> I did not fully understand the MSS configuration part. I don't know
> much about this, how should the configurations be?
>
> I've added my configuration file, lwipopt.h and config_user file in
> the attachment.
>
> On Fri, 1 Oct 2021 at 12:58, Gilles Peskine via mbed-tls
> <mbed-tls@lists.trustedfirmware.org> wrote:
>
> Hi Duygu,
>
> As far as I understand, "IPv4 total length exceeds packet length"
> indicates a bug or misconfiguration in the IP stack: it's sending an
> invalid packet. I don't think Mbed TLS can solve or work around this
> problem: TCP is a stream protocol, the higher level doesn't have any
> control over how the stream is broken into packets.
>
> If your TCP/IP stack lets you configure the MSS, a lower MSS may work.
> It's still a workaround: as far as I know, the MSS is only supposed to
> be a matter of performance, the IP layer under the hood should fragment
> and reassemble packets as needed.
>
> Best regards,
>
> --
> Gilles Peskine
> Mbed TLS developer
>
> On 01/10/2021 10:13, Duygu D. via mbed-tls wrote:
> > Hello,
> >
> > I am using this example as the source for my main purpose:
> > https://github.com/straight-coding/LPC407x-NoOS-LWIP-MBEDTLS-HTTPD-KEIL/blob/f3943f7487a296a16ddff51885c9c8d0ca07562a/LambdaIOT/httpd/http_core.c
> >
> > This example uses HTTPS, but I'm trying to use it on a Modbus
> > server.
> >
> > This is the init function for the server TCP connections:
> >
> > BOOL
> > xMBTCPPortInit( USHORT usTCPPort )
> > {
> >     struct altcp_pcb *pxPCBListenNew, *pxPCBListenOld;
> >     BOOL            bOkay = (BOOL)FALSE;
> >     USHORT          usPort;
> >     extern struct altcp_tls_config* getTlsConfig(void);
> >
> >     tls_config = getTlsConfig();
> >     mbedtls_ssl_conf_dbg(tls_config, my_debug, NULL);
> >     mbedtls_debug_set_threshold(5);
> >
> >     if( usTCPPort == 0 )
> >     {
> >         usPort = MB_TCP_DEFAULT_PORT;
> >     }
> >     else
> >     {
> >         usPort = ( USHORT ) usTCPPort;
> >     }
> >
> >     if( ( pxPCBListenNew = pxPCBListenOld =
> >           altcp_tls_new( tls_config, IPADDR_TYPE_ANY ) ) == NULL )
> >     {
> >         /* Can't create TCP socket. */
> >         bOkay = (BOOL)FALSE;
> >     }
> >     else if( altcp_bind( pxPCBListenNew, IP_ANY_TYPE, ( u16_t ) usPort ) != ERR_OK )
> >     {
> >         /* Bind failed - Maybe illegal port value or in use. */
> >         ( void )altcp_close( pxPCBListenOld );
> >         bOkay = (BOOL)FALSE;
> >     }
> >     else if( ( pxPCBListenNew = altcp_listen( pxPCBListenNew ) ) == NULL )
> >     {
> >         ( void )altcp_close( pxPCBListenOld );
> >         bOkay = (BOOL)FALSE;
> >     }
> >     else
> >     {
> >         // altcp_tls_new(pxPCBListenNew, IP_GET_TYPE(ip_addr))*/;
> >         /* Register callback function for new clients. */
> >         altcp_accept( pxPCBListenNew, prvxMBTCPPortAccept );
> >
> >         /* Everything okay. Set global variable. */
> >         pxPCBListen = pxPCBListenNew;
> >
> > #ifdef MB_TCP_DEBUG
> >         vMBPortLog( MB_LOG_DEBUG, "MBTCP-ACCEPT", "Protocol stack ready.\r\n" );
> > #endif
> >         SerialPrint("MBTCTP-ACCEPT");
> >
> >         /* Report success only when the listener was actually set up. */
> >         bOkay = (BOOL)TRUE;
> >     }
> >
> >     return bOkay;
> > }
> >
> > struct altcp_tls_config* getTlsConfig(void)
> > {
> >     struct altcp_tls_config* conf;
> >     size_t privkey_len = strlen(privkey) + 1;
> >     size_t privkey_pass_len = strlen(privkey_pass) + 1;
> >     size_t cert_len = strlen(cert) + 1;
> >
> >     conf = altcp_tls_create_config_server_privkey_cert((u8_t*)privkey,
> >         privkey_len, (u8_t*)privkey_pass, privkey_pass_len, (u8_t*)cert,
> >         cert_len);
> >
> >     return conf;
> > }
> >
> > And I am using a basic Python TLS client example to show a successful
> > mbedtls handshake.
> > This is my client.py code:
> >
> > import time
> > from socket import create_connection
> > from ssl import SSLContext, PROTOCOL_TLS_CLIENT
> > import ssl
> >
> > hostname = 'example.org'
> > ip = '192.168.1.2'
> > port = 502
> > context = SSLContext(PROTOCOL_TLS_CLIENT)
> > context.options |= ssl.OP_NO_SSLv3
> > context.options |= ssl.OP_NO_TLSv1
> > context.options |= ssl.OP_NO_TLSv1_1
> > context.load_verify_locations('cert.pem')
> >
> > with create_connection((ip, port)) as client:
> >     with context.wrap_socket(client, server_hostname=hostname) as tls:
> >         print(f'Using {tls.version()}\n')
> >         tls.sendall(b'Hello world')
> >
> >         data = tls.recv(1024)
> >         print(f'Server says: {data}')
> >
> > When I try to start communication I get below outputs on wireshark:
> > image.png
> >
> > When the server send hello message I've this error on the line:
> > image.png
> >
> > When I checked the low_level_output functions I get sending data bytes
> > 150 byte but IPv4 length shows us 576 byte, opt.h file set as default
> > but if I changed TCP_MSS as a 250 byte so I can send 136 byte and IPv4
> > packet length shows me 136. But does not make sense. I couldn't do
> > successful handshaking.
> >
> > My mbedtls debug outputs are in this link:
> > https://paste.ofcode.org/PP3zFmrLcKqPdRMT3LzETz
> >
> > How can I solve this problem? What is the reason for the length problem?
> > Best Regards.
> >
> >
> >
> > --
> > Embedded System Engineer
> >
> --
> mbed-tls mailing list
> mbed-tls@lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
>
> --
> Embedded System Engineer
>
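
A check for the condition discussed in this thread, as an added example that is not code from the thread, lwIP or Mbed TLS: it compares the IPv4 Total Length field with the bytes actually present in the frame, which is the mismatch Wireshark reports as "IPv4 total length exceeds packet length". The function names, the untagged Ethernet II framing and the sample frames (150 bytes with Total Length 576 or 136, mirroring the figures quoted above) are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14u   /* assumes untagged Ethernet II framing */

enum frame_verdict { FRAME_OK, FRAME_NOT_IPV4, FRAME_TRUNCATED, FRAME_BAD_HEADER,
                     FRAME_TOTAL_LEN_EXCEEDS_FRAME };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Compare the IPv4 Total Length field with the bytes actually in the frame. */
enum frame_verdict check_ipv4_frame(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < ETH_HDR_LEN || be16(frame + 12) != 0x0800)
        return FRAME_NOT_IPV4;
    size_t avail = frame_len - ETH_HDR_LEN;       /* bytes after the MAC header */
    if (avail < 20)
        return FRAME_TRUNCATED;                   /* no room for an IPv4 header */
    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;      /* header length in bytes */
    uint16_t total = be16(ip + 2);                /* Total Length field */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ihl > avail || total < ihl)
        return FRAME_BAD_HEADER;
    if (total > avail)
        return FRAME_TOTAL_LEN_EXCEEDS_FRAME;     /* header promises more than was sent */
    return FRAME_OK;                              /* total < avail is Ethernet padding */
}

/* Constructed sample: zeroed frame with only EtherType, version/IHL and length set. */
enum frame_verdict check_constructed(size_t frame_len, uint16_t total_len)
{
    static uint8_t buf[1514];
    if (frame_len > sizeof buf)
        frame_len = sizeof buf;
    memset(buf, 0, sizeof buf);
    buf[12] = 0x08; buf[13] = 0x00;               /* EtherType IPv4 */
    buf[14] = 0x45;                               /* version 4, IHL 5 */
    buf[16] = (uint8_t)(total_len >> 8);
    buf[17] = (uint8_t)(total_len & 0xFF);
    return check_ipv4_frame(buf, frame_len);
}

int main(void)
{
    printf("150-byte frame, total length 576: %d\n", check_constructed(150, 576));
    printf("150-byte frame, total length 136: %d\n", check_constructed(150, 136));
    return 0;
}
```

Calling a check like this on the buffer handed to the driver's output routine shows whether the length mismatch is already present when the stack passes the frame down, or is introduced later by the driver.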