-------- Αρχικό μήνυμα --------
Θέμα: Sequence Number
Ημερομηνία: 2018-08-15 12:21
Αποστολέας: Konstantinos Schoinas <[email protected]>
Παραλήπτης: users <[email protected]>
Hello,
I am building an application blocks TLS session if i find a sepcific
forbidden Server Name Indication.
According to RFC i must make a response with Fatal Error (2)
unrecognized name(112).
When i receive the Client Hello and after i Extract the SNI and check it
against a black list i do process the client hello in order to response
to client and terminate the session.
Although i am getting a lot of retransmit packets on wireshark so i
suppose i am doing something wrong.
I think i mights have seq and ack number wrong or something.If anyone
could help i would appreciate.
Here is the process of the packet after i check for the forbidden SNI:
uint32_t client_receive_ack = ntohl(th->recv_ack);
uint32_t client_send_seq = ntohl(th->sent_seq);
th->sent_seq = th->recv_ack;
th->recv_ack = htonl(client_send_seq + ntohs(iphdr->total_length));
uint16_t l = ntohs(ssl->length)-0x02;
uint16_t ip_l = ntohs(iphdr->total_length) - l;
rte_pktmbuf_trim(m,l);
iphdr->total_length = htons(ip_l);
ssl->length = htons(2);
alert = (struct Alert *)((uint8_t *)ssl + 5);
iphdr->src_addr = dst_ip;
iphdr->dst_addr = src_ip;
th->src_port = dst_port;
th->dst_port = src_port;
ssl->type = 21; //alert message
alert->type = 2; // fatal error
alert->description = 112; // Unrecognized name
iphdr->hdr_checksum = 0;
th->cksum = 0;
iphdr->hdr_checksum = rte_ipv4_cksum(iphdr);
th->cksum = rte_ipv4_udptcp_cksum(iphdr,th);
Thanks for your time
