Hello,
Thank you for your reply.
I am using stm32+lwip-altcp-mbedtls in my application.
lwip takes care of the IP part if I send another IP-based packet (like ICMP) with different sizes. I didn't get the IPv4 packet length error.
I only have this error when I use mbedtls.
I did not fully understand the MSS configuration part. I don't know much about this; how should the configurations be?

I've added my configuration files, lwipopt.h and the config_user file, as attachments.



Gilles Peskine via mbed-tls <mbed-tls@lists.trustedfirmware.org> wrote on Fri, 1 Oct 2021 at 12:58:
Hi Duygu,

As far as I understand, "IPv4 total length exceeds packet length"
indicates a bug or misconfiguration in the IP stack: it's sending an
invalid packet. I don't think Mbed TLS can solve or work around this
problem: TCP is a stream protocol, the higher level doesn't have any
control over how the stream is broken into packets.

If your TCP/IP stack lets you configure the MSS, a lower MSS may work.
It's still a workaround: as far as I know, the MSS is only supposed to
be a matter of performance, the IP layer under the hood should fragment
and reassemble packets as needed.

Best regards,

--
Gilles Peskine
Mbed TLS developer

On 01/10/2021 10:13, Duygu D. via mbed-tls wrote:
> Hello,
>
> I am using this example as the source for my main purpose:
> https://github.com/straight-coding/LPC407x-NoOS-LWIP-MBEDTLS-HTTPD-KEIL/blob/f3943f7487a296a16ddff51885c9c8d0ca07562a/LambdaIOT/httpd/http_core.c
>
> This example uses HTTPS, but I'm trying to use it on a Modbus
> server.
>
> This is init function for the server tcp connections:
>
> BOOL
> xMBTCPPortInit( USHORT usTCPPort )
> {
>     struct altcp_pcb *pxPCBListenNew, *pxPCBListenOld;
>     BOOL            bOkay = (BOOL)FALSE;
>     USHORT          usPort;
>     extern struct altcp_tls_config* getTlsConfig(void);
>     tls_config = getTlsConfig();
>     mbedtls_ssl_conf_dbg(tls_config, my_debug, NULL);
>     mbedtls_debug_set_threshold(5);
>     if( usTCPPort == 0 )
>     {
>         usPort = MB_TCP_DEFAULT_PORT;
>     }
>     else
>     {
>         usPort = ( USHORT ) usTCPPort;
>     }
>     if( ( pxPCBListenNew = pxPCBListenOld = altcp_tls_new( tls_config, IPADDR_TYPE_ANY ) ) == NULL )
>     {
>         /* Can't create TCP socket. */
>         bOkay = (BOOL)FALSE;
>     }
>     else if( altcp_bind( pxPCBListenNew, IP_ANY_TYPE, ( u16_t ) usPort ) != ERR_OK )
>     {
>         /* Bind failed - Maybe illegal port value or in use. */
>         ( void )altcp_close( pxPCBListenOld );
>         bOkay = (BOOL)FALSE;
>     }
>     else if( ( pxPCBListenNew = altcp_listen( pxPCBListenNew ) ) == NULL )
>     {
>         /* Listen failed - release the PCB that was bound above. */
>         ( void )altcp_close( pxPCBListenOld );
>         bOkay = (BOOL)FALSE;
>     }
>     else
>     {
> //         altcp_tls_new(pxPCBListenNew, IP_GET_TYPE(ip_addr))*/;
>         /* Register callback function for new clients. */
>         altcp_accept( pxPCBListenNew, prvxMBTCPPortAccept );
>
>         /* Everything okay. Set global variable. */
>         pxPCBListen = pxPCBListenNew;
>
> #ifdef MB_TCP_DEBUG
>         vMBPortLog( MB_LOG_DEBUG, "MBTCP-ACCEPT", "Protocol stack ready.\r\n" );
> #endif
>         SerialPrint("MBTCTP-ACCEPT");
>
>         /* Report success only on this path, so the failures above are not overwritten. */
>         bOkay = (BOOL)TRUE;
>     }
>
>     return bOkay;
> }
>
> struct altcp_tls_config* getTlsConfig(void)
> {
>     struct altcp_tls_config* conf;
>     /* strlen() + 1 so that each length includes the terminating NUL. */
>     size_t privkey_len = strlen(privkey) + 1;
>     size_t privkey_pass_len = strlen(privkey_pass) + 1;
>     size_t cert_len = strlen(cert) + 1;
>
>     conf = altcp_tls_create_config_server_privkey_cert((u8_t*)privkey, privkey_len,
>                                                        (u8_t*)privkey_pass, privkey_pass_len,
>                                                        (u8_t*)cert, cert_len);
>
>     return conf;
> }
>
> And I am using a basic Python TLS client example to show a successful
> mbedtls handshake.
> This is my client.py code:
>
> import time
> from socket import create_connection
> from ssl import SSLContext, PROTOCOL_TLS_CLIENT
> import ssl
>
> hostname = 'example.org'
> ip = '192.168.1.2'
> port = 502
> context = SSLContext(PROTOCOL_TLS_CLIENT)
> context.options |= ssl.OP_NO_SSLv3
> context.options |= ssl.OP_NO_TLSv1
> context.options |= ssl.OP_NO_TLSv1_1
> context.load_verify_locations('cert.pem')
>
> with create_connection((ip, port)) as client:
>     with context.wrap_socket(client, server_hostname=hostname) as tls:
>         print(f'Using {tls.version()}\n')
>         tls.sendall(b'Hello world')
>
>         data = tls.recv(1024)
>         print(f'Server says: {data}')
>
> When I try to start communication I get the outputs below in Wireshark:
> image.png
>
> When the server sends the hello message I have this error on the line:
> image.png
>
> When I checked the low_level_output function, the data being sent is
> 150 bytes but the IPv4 length shows 576 bytes. The opt.h file is set to
> defaults, but if I change TCP_MSS to 250 bytes I can send 136 bytes and
> the IPv4 packet length shows 136. But this does not make sense. I couldn't
> complete a successful handshake.
>
> My mbedtls debug outputs are at this link:
> https://paste.ofcode.org/PP3zFmrLcKqPdRMT3LzETz
> How can I solve this problem? What is the reason for the length problem?
> Best Regards.
>
>
>
> --
> Embedded System Engineer
>
>

--
mbed-tls mailing list
mbed-tls@lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls


--
Embedded System Engineer
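
The condition discussed in this thread, an IPv4 total-length field larger than the bytes actually put on the wire, can be checked at the driver boundary before a frame is transmitted. The following C check is an added example, not code from the thread, lwIP or Mbed TLS; `ip4_check_frame` and `ip4_demo` are hypothetical names, untagged Ethernet II framing is assumed, and the sample frame is constructed from the 150/576 byte figures quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ip4_check {
    IP4_OK = 0,       /* total length fits in the bytes handed to the MAC */
    IP4_NOT_IPV4,     /* ARP, IPv6, ...: nothing to compare */
    IP4_BAD_HEADER,   /* truncated header, IHL < 20 or total < IHL */
    IP4_LEN_EXCEEDS   /* header claims more bytes than the frame carries */
};

#define ETH_HDR_LEN 14u   /* assumption: untagged Ethernet II */

/* frame/frame_len: exactly the bytes the driver is about to transmit. */
enum ip4_check ip4_check_frame(const uint8_t *frame, size_t frame_len,
                               uint16_t *claimed, size_t *available)
{
    if (frame_len < ETH_HDR_LEN) return IP4_BAD_HEADER;
    if (frame[12] != 0x08 || frame[13] != 0x00) return IP4_NOT_IPV4;
    if (frame_len < ETH_HDR_LEN + 20u) return IP4_BAD_HEADER;

    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0Fu) * 4u;     /* header length in bytes */
    *claimed = (uint16_t)((ip[2] << 8) | ip[3]);    /* total length, big-endian */
    *available = frame_len - ETH_HDR_LEN;

    if ((ip[0] >> 4) != 4 || ihl < 20u || *claimed < ihl) return IP4_BAD_HEADER;
    return (*claimed > *available) ? IP4_LEN_EXCEEDS : IP4_OK;
}

/* Constructed sample frame: zeroed payload, only the checked fields are set. */
enum ip4_check ip4_demo(size_t frame_len, uint16_t total_len,
                        uint16_t *claimed, size_t *available)
{
    static uint8_t f[1514];
    memset(f, 0, sizeof f);
    f[12] = 0x08; f[13] = 0x00;                  /* EtherType IPv4 */
    f[14] = 0x45;                                /* version 4, IHL 5 */
    f[16] = (uint8_t)(total_len >> 8);
    f[17] = (uint8_t)(total_len & 0xFFu);
    return ip4_check_frame(f, frame_len, claimed, available);
}

int main(void)
{
    uint16_t c; size_t a;
    /* 150 bytes handed to the driver, header says 576: the figures in the post */
    int r = ip4_demo(150, 576, &c, &a);
    printf("result=%d claimed=%u available=%zu\n", r, (unsigned)c, a);
    return 0;
}
```

Run on the bytes a driver's output routine is about to send, a result of `IP4_LEN_EXCEEDS` shows the frame was already inconsistent when it left the stack, before any capture tool saw it.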