Hello, Thank you for your reply. I am using stm32+lwip-altcp-mbedtls in my application. lwIP takes care of the IP part. If I send another IP-based packet (like ICMP) with different sizes, I don't get the IPv4 packet length error. I only have this error when I use mbedtls. I did not fully understand the MSS configuration part. I don't know much about this; how should the configurations be?
I've added my configuration files, lwipopt.h and config_user, as attachments.
Gilles Peskine via mbed-tls <mbed-tls@lists.trustedfirmware.org> wrote on Fri, 1 Oct 2021 at 12:58:
Hi Duygu,
As far as I understand, "IPv4 total length exceeds packet length" indicates a bug or misconfiguration in the IP stack: it's sending an invalid packet. I don't think Mbed TLS can solve or work around this problem: TCP is a stream protocol, the higher level doesn't have any control over how the stream is broken into packets.
If your TCP/IP stack lets you configure the MSS, a lower MSS may work. It's still a workaround: as far as I know, the MSS is only supposed to be a matter of performance, the IP layer under the hood should fragment and reassemble packets as needed.
Best regards,
-- Gilles Peskine Mbed TLS developer
On 01/10/2021 10:13, Duygu D. via mbed-tls wrote:
Hello,
I am using this example as the source for my main purpose:
https://github.com/straight-coding/LPC407x-NoOS-LWIP-MBEDTLS-HTTPD-KEIL/blob...
This example uses HTTPS, but I'm trying to use this example on a Modbus server.
This is the init function for the server TCP connections:
BOOL
xMBTCPPortInit( USHORT usTCPPort )
{
    struct altcp_pcb *pxPCBListenNew, *pxPCBListenOld;
    BOOL            bOkay = (BOOL)FALSE;
    USHORT          usPort;
    extern struct altcp_tls_config* getTlsConfig(void);

    /* Build the TLS server configuration and enable verbose Mbed TLS debug output. */
    tls_config = getTlsConfig();
    mbedtls_ssl_conf_dbg(tls_config, my_debug, NULL);
    mbedtls_debug_set_threshold(5);

    if( usTCPPort == 0 )
    {
        usPort = MB_TCP_DEFAULT_PORT;
    }
    else
    {
        usPort = ( USHORT ) usTCPPort;
    }

    if( ( pxPCBListenNew = pxPCBListenOld = altcp_tls_new( tls_config,IPADDR_TYPE_ANY) ) == NULL )
    {
        /* Can't create TCP socket. */
        bOkay = (BOOL)FALSE;
    }
    else if( altcp_bind( pxPCBListenNew, IP_ANY_TYPE, ( u16_t ) usPort ) != ERR_OK )
    {
        /* Bind failed - Maybe illegal port value or in use. */
        ( void )altcp_close( pxPCBListenOld );
        bOkay = (BOOL)FALSE;
    }
    else if( ( pxPCBListenNew = altcp_listen( pxPCBListenNew ) ) == NULL )
    {
        ( void )altcp_close( pxPCBListenOld );
        bOkay = (BOOL)FALSE;
    }
    else
    {
        // altcp_tls_new(pxPCBListenNew, IP_GET_TYPE(ip_addr))*/;
        /* Register callback function for new clients. */
        altcp_accept( pxPCBListenNew, prvxMBTCPPortAccept );

        /* Everything okay. Set global variable. */
        pxPCBListen = pxPCBListenNew;

#ifdef MB_TCP_DEBUG
        vMBPortLog( MB_LOG_DEBUG, "MBTCP-ACCEPT", "Protocol stack ready.\r\n" );
#endif
        SerialPrint("MBTCTP-ACCEPT");
        /* Report success only when the listening PCB was actually set up. */
        bOkay = (BOOL)TRUE;
    }
    return bOkay;
}
struct altcp_tls_config* getTlsConfig(void)
{
    struct altcp_tls_config* conf;
    size_t privkey_len = strlen(privkey) + 1;
    size_t privkey_pass_len = strlen(privkey_pass) + 1;
    size_t cert_len = strlen(cert) + 1;

    conf = altcp_tls_create_config_server_privkey_cert((u8_t*)privkey, privkey_len,
               (u8_t*)privkey_pass, privkey_pass_len, (u8_t*)cert, cert_len);

    return conf;
}
And I am using a basic Python TLS client example to show a successful mbedtls handshake. This is my client.py code:
import time
from socket import create_connection
from ssl import SSLContext, PROTOCOL_TLS_CLIENT
import ssl

hostname = 'example.org'
ip = '192.168.1.2'
port = 502
context = SSLContext(PROTOCOL_TLS_CLIENT)

context.options |= ssl.OP_NO_SSLv3
context.options |= ssl.OP_NO_TLSv1
context.options |= ssl.OP_NO_TLSv1_1
context.load_verify_locations('cert.pem')

with create_connection((ip, port)) as client:
    with context.wrap_socket(client, server_hostname=hostname) as tls:
        print(f'Using {tls.version()}\n')
        tls.sendall(b'Hello world')

        data = tls.recv(1024)
        print(f'Server says: {data}')
When I try to start communication I get the below outputs on Wireshark: image.png
When the server sends the hello message I have this error on the line: image.png
When I checked the low_level_output functions, I get 150 bytes of data being sent, but the IPv4 length shows 576 bytes. The opt.h file is set as default, but if I change TCP_MSS to 250 bytes then I can send 136 bytes and the IPv4 packet length shows 136. But it does not make sense. I couldn't do successful handshaking.
My mbedtls debug outputs are at this link: https://paste.ofcode.org/PP3zFmrLcKqPdRMT3LzETz
How can I solve this problem? What is the reason for the length problem?
Best Regards.
-- Embedded System Engineer
-- mbed-tls mailing list mbed-tls@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
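
As an added example (not code from this thread, lwIP or Mbed TLS): a stand-alone check that a driver could run on each contiguous frame before transmitting it, to catch the condition Wireshark reports as "IPv4 total length exceeds packet length" (for instance 150 bytes sent while the IPv4 header says 576). The function and enum names are hypothetical, untagged Ethernet II framing is assumed, and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Status names are hypothetical (added example), not lwIP identifiers. */
enum ip4_len_status {
    IP4_LEN_OK = 0,        /* total length fits inside the frame */
    IP4_LEN_NOT_IPV4,      /* not an untagged Ethernet II / IPv4 frame */
    IP4_LEN_TRUNCATED,     /* frame too short to hold the IPv4 header */
    IP4_LEN_BAD_HEADER,    /* IHL < 5 words or total length < header length */
    IP4_LEN_EXCEEDS_FRAME  /* header claims more bytes than the frame holds */
};

/* Check the IPv4 total-length field against the bytes actually handed to
 * the MAC. *ip_total receives the header's value (0 if it was not parsed). */
static enum ip4_len_status ip4_check_total_len(const uint8_t *frame,
                                               size_t frame_len, uint16_t *ip_total)
{
    *ip_total = 0;
    if (frame_len < 14) return IP4_LEN_TRUNCATED;         /* Ethernet header */
    if (frame[12] != 0x08 || frame[13] != 0x00) return IP4_LEN_NOT_IPV4;
    const uint8_t *ip = frame + 14;
    size_t ip_avail = frame_len - 14;
    if (ip_avail < 20) return IP4_LEN_TRUNCATED;
    if ((ip[0] >> 4) != 4) return IP4_LEN_NOT_IPV4;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;              /* header bytes */
    *ip_total = (uint16_t)((ip[2] << 8) | ip[3]);         /* big-endian */
    if (ihl < 20 || *ip_total < ihl) return IP4_LEN_BAD_HEADER;
    if (ihl > ip_avail) return IP4_LEN_TRUNCATED;
    if (*ip_total > ip_avail) return IP4_LEN_EXCEEDS_FRAME;
    return IP4_LEN_OK;  /* ip_avail may be larger: Ethernet padding */
}

/* Constructed sample: zeroed frame of frame_len bytes with a minimal IPv4
 * header whose total-length field is total_len. */
static enum ip4_len_status ip4_check_sample(size_t frame_len, uint16_t total_len)
{
    static uint8_t f[1514];
    uint16_t seen;
    memset(f, 0, sizeof f);
    if (frame_len > sizeof f) frame_len = sizeof f;
    f[12] = 0x08; f[13] = 0x00;                           /* EtherType IPv4 */
    f[14] = 0x45;                                         /* version 4, IHL 5 */
    f[16] = (uint8_t)(total_len >> 8);
    f[17] = (uint8_t)(total_len & 0xFF);
    return ip4_check_total_len(f, frame_len, &seen);
}

int main(void) { printf("%d %d\n", ip4_check_sample(150, 576), ip4_check_sample(150, 136)); return 0; }
```

Logging the returned status together with the frame length and the parsed total length at the transmit point shows whether the header or the buffer length is the wrong side of the mismatch.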