Hello,
Thank you for your reply.
I am using stm32+lwip-altcp-mbedtls in my application.
lwip takes care of the IP part if I send another IP-based packet (like ICMP) with different sizes. I didn't get the IPv4 packet length error.
I only have this error when I use mbedtls. I did not fully understand the MSS configuration part. I don't know much about this; how should the configurations be?
I've added my configuration file, lwipopt.h and config_user file in the attachment.
Gilles Peskine via mbed-tls <mbed-tls@lists.trustedfirmware.org> wrote on Fri, 1 Oct 2021 at 12:58:
Hi Duygu,
As far as I understand, "IPv4 total length exceeds packet length"
indicates a bug or misconfiguration in the IP stack: it's sending an
invalid packet. I don't think Mbed TLS can solve or work around this
problem: TCP is a stream protocol, the higher level doesn't have any
control over how the stream is broken into packets.
If your TCP/IP stack lets you configure the MSS, a lower MSS may work.
It's still a workaround: as far as I know, the MSS is only supposed to
be a matter of performance, the IP layer under the hood should fragment
and reassemble packets as needed.
Best regards,
--
Gilles Peskine
Mbed TLS developer
On 01/10/2021 10:13, Duygu D. via mbed-tls wrote:
> Hello,
>
> I am using this example as the source for my main purpose:
> https://github.com/straight-coding/LPC407x-NoOS-LWIP-MBEDTLS-HTTPD-KEIL/blob/f3943f7487a296a16ddff51885c9c8d0ca07562a/LambdaIOT/httpd/http_core.c
>
> This example uses HTTPS but I'm trying to use this example on a Modbus
> server.
>
> This is the init function for the server TCP connections:
>
> BOOL
> xMBTCPPortInit( USHORT usTCPPort )
> {
>     struct altcp_pcb *pxPCBListenNew, *pxPCBListenOld;
>     BOOL            bOkay = (BOOL)FALSE;
>     USHORT          usPort;
>     extern struct altcp_tls_config* getTlsConfig(void);
>
>     /* tls_config is not declared in this function (defined elsewhere). */
>     tls_config = getTlsConfig();
>     if( tls_config == NULL )
>     {
>         /* Key or certificate could not be loaded; do not use a NULL config. */
>         return (BOOL)FALSE;
>     }
>     mbedtls_ssl_conf_dbg(tls_config, my_debug, NULL);
>     mbedtls_debug_set_threshold(5);
>
>     if( usTCPPort == 0 )
>     {
>         usPort = MB_TCP_DEFAULT_PORT;
>     }
>     else
>     {
>         usPort = ( USHORT ) usTCPPort;
>     }
>
>     if( ( pxPCBListenNew = pxPCBListenOld =
>           altcp_tls_new( tls_config, IPADDR_TYPE_ANY ) ) == NULL )
>     {
>         /* Can't create TCP socket. */
>         bOkay = (BOOL)FALSE;
>     }
>     else if( altcp_bind( pxPCBListenNew, IP_ANY_TYPE, ( u16_t ) usPort ) != ERR_OK )
>     {
>         /* Bind failed - Maybe illegal port value or in use. */
>         ( void )altcp_close( pxPCBListenOld );
>         bOkay = (BOOL)FALSE;
>     }
>     else if( ( pxPCBListenNew = altcp_listen( pxPCBListenNew ) ) == NULL )
>     {
>         /* Listen failed - release the PCB created above. */
>         ( void )altcp_close( pxPCBListenOld );
>         bOkay = (BOOL)FALSE;
>     }
>     else
>     {
>         // altcp_tls_new(pxPCBListenNew, IP_GET_TYPE(ip_addr))*/;
>         /* Register callback function for new clients. */
>         altcp_accept( pxPCBListenNew, prvxMBTCPPortAccept );
>
>         /* Everything okay. Set global variable. */
>         pxPCBListen = pxPCBListenNew;
>
> #ifdef MB_TCP_DEBUG
>         vMBPortLog( MB_LOG_DEBUG, "MBTCP-ACCEPT", "Protocol stack ready.\r\n" );
> #endif
>         SerialPrint("MBTCTP-ACCEPT");
>
>         /* Report success only when every step above succeeded. */
>         bOkay = (BOOL)TRUE;
>     }
>
>     return bOkay;
> }
>
> struct altcp_tls_config* getTlsConfig(void)
> {
>     struct altcp_tls_config* conf;
>     /* The lengths include the terminating NUL of the PEM strings. */
>     size_t privkey_len = strlen(privkey) + 1;
>     size_t privkey_pass_len = strlen(privkey_pass) + 1;
>     size_t cert_len = strlen(cert) + 1;
>
>     conf = altcp_tls_create_config_server_privkey_cert((u8_t*)privkey,
>         privkey_len, (u8_t*)privkey_pass, privkey_pass_len, (u8_t*)cert,
>         cert_len);
>
>     return conf;
> }
>
> And I am using a basic Python TLS client example to show a successful
> mbedtls handshake.
> This is my client.py code:
>
> import time
> from socket import create_connection
> from ssl import SSLContext, PROTOCOL_TLS_CLIENT
> import ssl
>
> hostname = 'example.org'
> ip = '192.168.1.2'
> port = 502
> context = SSLContext(PROTOCOL_TLS_CLIENT)
> # Refuse SSLv3, TLS 1.0 and TLS 1.1
> context.options |= ssl.OP_NO_SSLv3
> context.options |= ssl.OP_NO_TLSv1
> context.options |= ssl.OP_NO_TLSv1_1
> # Trust only the server certificate stored in cert.pem
> context.load_verify_locations('cert.pem')
>
> with create_connection((ip, port)) as client:
>     with context.wrap_socket(client, server_hostname=hostname) as tls:
>         print(f'Using {tls.version()}\n')
>         tls.sendall(b'Hello world')
>
>         data = tls.recv(1024)
>         print(f'Server says: {data}')
>
> When I try to start communication I get the below outputs in Wireshark:
> image.png
>
> When the server sends the hello message I have this error on the line:
> image.png
>
> When I checked the low_level_output function I see 150 bytes of data being
> sent, but the IPv4 length shows 576 bytes. The opt.h file is set to default,
> but if I change TCP_MSS to 250 bytes I can send 136 bytes and the IPv4
> packet length shows 136. But that does not make sense. I couldn't do a
> successful handshake.
>
> My mbedtls debug outputs are at this link:
> https://paste.ofcode.org/PP3zFmrLcKqPdRMT3LzETz
> How can I solve this problem? What is the reason for the length problem?
> Best Regards.
>
>
>
> --
> Embedded System Engineer
>
>
--
mbed-tls mailing list
mbed-tls@lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
--
Embedded System Engineer
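
The condition Wireshark reports as "IPv4 total length exceeds packet length", written as a check that can be run on the buffer handed to the Ethernet driver; this is an added example, not code from the thread, lwIP or Mbed TLS. The function names and the sample frame are constructed for illustration; the 150 and 576 byte figures come from the original post, and treating 150 as the full Ethernet frame length is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN  14u
#define IPV4_MIN_HDR 20u

enum frame_check { FRAME_OK, FRAME_TOO_SHORT, FRAME_NOT_IPV4,
                   FRAME_BAD_HEADER, FRAME_IP_LEN_EXCEEDS_FRAME };

/* Compare the IPv4 "total length" field with the bytes really in the frame.
 * frame_len is the number of bytes handed to the MAC, Ethernet header included. */
enum frame_check check_ipv4_frame(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < ETH_HDR_LEN) return FRAME_TOO_SHORT;
    if (frame[12] != 0x08 || frame[13] != 0x00) return FRAME_NOT_IPV4; /* EtherType */
    if (frame_len < ETH_HDR_LEN + IPV4_MIN_HDR) return FRAME_TOO_SHORT;

    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0Fu) * 4u;          /* header length in bytes */
    size_t total_len = ((size_t)ip[2] << 8) | ip[3];    /* big-endian field */
    if ((ip[0] >> 4) != 4 || ihl < IPV4_MIN_HDR || total_len < ihl)
        return FRAME_BAD_HEADER;
    if (total_len > frame_len - ETH_HDR_LEN)
        return FRAME_IP_LEN_EXCEEDS_FRAME;   /* header promises more than was sent */
    return FRAME_OK;   /* trailing bytes beyond total_len are Ethernet padding */
}

/* Constructed sample: a zeroed frame with only the fields the check reads set. */
enum frame_check check_sample(size_t frame_len, uint16_t ip_total_len)
{
    static uint8_t buf[1514];
    if (frame_len > sizeof buf) frame_len = sizeof buf;
    memset(buf, 0, sizeof buf);
    buf[12] = 0x08; buf[13] = 0x00;              /* EtherType: IPv4 */
    buf[14] = 0x45;                              /* version 4, IHL 5 */
    buf[16] = (uint8_t)(ip_total_len >> 8);
    buf[17] = (uint8_t)(ip_total_len & 0xFFu);
    return check_ipv4_frame(buf, frame_len);
}

int main(void)
{
    /* 150 bytes sent with a header claiming 576, then with a length that fits. */
    printf("150/576 -> %d\n", check_sample(150, 576));
    printf("150/136 -> %d\n", check_sample(150, 136));
    return 0;
}
```

The same comparison applies to any transmit path: the length passed to the hardware must cover the Ethernet header plus the IPv4 total length.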