On 2018-08-15 12:22, Konstantinos Schoinas wrote:
-------- Original Message --------
Subject: Sequence Number
Date: 2018-08-15 12:21
From: Konstantinos Schoinas <[email protected]>
To: users <[email protected]>
Hello,
I am building an application that blocks a TLS session if I find a specific
forbidden Server Name Indication.
According to the RFC I must make a response with Fatal Error (2)
unrecognized name (112).
When I receive the Client Hello, and after I extract the SNI and check
it against a blacklist, I process the client hello in order to
respond to the client and terminate the session.
However, I am getting a lot of retransmitted packets in Wireshark, so I
suppose I am doing something wrong.
I think I might have the seq and ack numbers wrong or something. If anyone
could help I would appreciate it.
Here is the processing of the packet after I check for the forbidden SNI:
uint32_t client_receive_ack = ntohl(th->recv_ack);
uint32_t client_send_seq = ntohl(th->sent_seq);
th->sent_seq = th->recv_ack;
th->recv_ack = htonl(client_send_seq + ntohs(iphdr->total_length));
uint16_t l = ntohs(ssl->length)-0x02;
uint16_t ip_l = ntohs(iphdr->total_length) - l;
rte_pktmbuf_trim(m,l);
iphdr->total_length = htons(ip_l);
ssl->length = htons(2);
alert = (struct Alert *)((uint8_t *)ssl + 5);
iphdr->src_addr = dst_ip;
iphdr->dst_addr = src_ip;
th->src_port = dst_port;
th->dst_port = src_port;
ssl->type = 21; //alert message
alert->type = 2; // fatal error
alert->description = 112; // Unrecognized name
iphdr->hdr_checksum = 0;
th->cksum = 0;
iphdr->hdr_checksum = rte_ipv4_cksum(iphdr);
th->cksum = rte_ipv4_udptcp_cksum(iphdr,th);
Thanks for your time
I wanted to give some more information on the subject. I am adding a
Wireshark screenshot to the mail to give more info. The problem with the
retransmitted packets is that it doesn't end the TLS session even though I
am sending a fatal-error alert with DPDK.
I believe that I do something wrong with the processing of the client hello, so
it doesn't have the right format in order to get recognized by the client
and end the TLS session.
If you see my code above, I change the source and dest IP and port, and the seq
and ack values. In addition I am cutting from the SSL record the data that it
had and adding the alert message according to the RFC.
Is there any field I must change according to DPDK?
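The reply construction described in the mail, written out as an added example that is not the poster's code and uses no DPDK API: it works over a raw IPv4/TCP byte buffer, swaps addresses and ports, takes the reply's SEQ from the client's ACK, and advances the reply's ACK by the TCP payload length (IP total length minus IP and TCP header lengths), which is the number of bytes the client actually sent; the TLS record is rewritten as a 7-byte alert (type 21, level 2 fatal, description 112 unrecognized_name, RFC 6066) and both checksums are recomputed. The function names, the constructed sample frame (a zero-filled stand-in for a real ClientHello body) and the fixed window value are this example's own assumptions.

```c
/* Added example (not from the original post or from DPDK): build a TLS
 * fatal alert reply to a captured ClientHello segment on raw byte buffers. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_ALERT              21
#define TLS_ALERT_FATAL         2
#define TLS_UNRECOGNIZED_NAME 112
#define TCP_FLAG_PSH         0x08
#define TCP_FLAG_ACK         0x10

/* Big-endian field accessors; avoid struct packing and htons/ntohs issues. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* RFC 1071 ones'-complement sum; 'acc' lets the TCP pseudo-header be folded in. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; n -= 2, p += 2) acc += rd16(p);
    if (n) acc += (uint32_t)p[0] << 8;          /* odd trailing byte */
    return acc;
}
static uint16_t fold(uint32_t acc) {
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;                        /* 0 when verifying a valid checksum */
}

static size_t ip_hlen(const uint8_t *ip)   { return (size_t)(ip[0] & 0x0f) * 4; }
static size_t tcp_hlen(const uint8_t *tcp) { return (size_t)(tcp[12] >> 4) * 4; }

/* Bytes of TCP payload in this segment: the amount the reply's ACK must cover.
 * Using the IP total length here would over-advance the ACK by both headers. */
size_t tcp_payload_len(const uint8_t *pkt) {
    size_t ihl = ip_hlen(pkt);
    return (size_t)rd16(pkt + 2) - ihl - tcp_hlen(pkt + ihl);
}

/* TCP checksum over pseudo-header + segment; returns 0 for a correct packet. */
uint16_t tcp_checksum(const uint8_t *pkt) {
    size_t ihl = ip_hlen(pkt);
    size_t tcp_len = (size_t)rd16(pkt + 2) - ihl;
    uint32_t acc = sum16(pkt + 12, 8, 0);        /* src + dst address */
    acc += 6;                                    /* protocol = TCP */
    acc += (uint32_t)tcp_len;
    return fold(sum16(pkt + ihl, tcp_len, acc));
}

/* Build the alert reply into 'out'; returns its length or -1 on malformed input.
 * The reply mirrors the ClientHello's IP header, carries a 20-byte TCP header
 * (no options) and a 7-byte TLS alert record echoing the client's record version. */
int build_alert_reply(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap,
                      uint8_t level, uint8_t desc) {
    size_t ihl = ip_hlen(in);
    if (in_len < 20 || ihl < 20 || in_len < ihl + 20) return -1;
    size_t thl = tcp_hlen(in + ihl);
    size_t in_total = rd16(in + 2);
    if (thl < 20 || in_total > in_len || in_total < ihl + thl + 5) return -1;
    const uint8_t *in_tcp = in + ihl, *in_tls = in_tcp + thl;
    size_t out_len = ihl + 20 + 7;
    if (out_cap < out_len) return -1;

    memset(out, 0, out_len);
    memcpy(out, in, ihl);                          /* reuse IP header, then patch */
    wr16(out + 2, (uint16_t)out_len);              /* total length */
    wr16(out + 6, 0x4000);                         /* DF, offset 0 */
    memcpy(out + 12, in + 16, 4);                  /* src <- client's dst */
    memcpy(out + 16, in + 12, 4);                  /* dst <- client's src */
    wr16(out + 10, 0);
    wr16(out + 10, fold(sum16(out, ihl, 0)));

    uint8_t *tcp = out + ihl;
    memcpy(tcp, in_tcp + 2, 2);                    /* sport <- client's dport */
    memcpy(tcp + 2, in_tcp, 2);                    /* dport <- client's sport */
    wr32(tcp + 4, rd32(in_tcp + 8));               /* seq = client's ack */
    wr32(tcp + 8, rd32(in_tcp + 4) + (uint32_t)tcp_payload_len(in)); /* ack = seq + payload */
    tcp[12] = 5 << 4;                              /* data offset: 20 bytes */
    tcp[13] = TCP_FLAG_PSH | TCP_FLAG_ACK;
    wr16(tcp + 14, 0xffff);                        /* assumed receive window */

    uint8_t *tls = tcp + 20;
    tls[0] = TLS_ALERT;
    tls[1] = in_tls[1]; tls[2] = in_tls[2];        /* record version from ClientHello */
    wr16(tls + 3, 2);                              /* alert body is 2 bytes */
    tls[5] = level; tls[6] = desc;
    wr16(tcp + 16, 0);
    wr16(tcp + 16, tcp_checksum(out));
    return (int)out_len;
}

/* Constructed sample (not a real capture): 10.0.0.1:40000 -> 192.0.2.10:443,
 * seq 1000, ack 5000, a TLS 1.0 record header with a 10-byte zero-filled body. */
size_t make_sample_client_hello(uint8_t *buf) {
    static const uint8_t frame[] = {
        0x45,0x00,0x00,0x37, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00,
        0x0a,0x00,0x00,0x01, 0xc0,0x00,0x02,0x0a,
        0x9c,0x40,0x01,0xbb, 0x00,0x00,0x03,0xe8, 0x00,0x00,0x13,0x88,
        0x50,0x18,0xff,0xff, 0x00,0x00,0x00,0x00,
        0x16,0x03,0x01,0x00,0x0a, 0,0,0,0,0,0,0,0,0,0 };
    memcpy(buf, frame, sizeof frame);
    return sizeof frame;
}
```

This covers only the TLS alert itself; whether the TCP connection is also closed with a FIN or RST afterwards is a separate decision at the TCP level. If a ClientHello spans several segments, the ACK computed here covers only the segment in hand.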