Date: Wed, 15 Aug 2018 07:52:06 -0700
From: Stephen Hemminger
To: Konstantinos Schoinas
Cc: users@dpdk.org
Message-ID: <20180815075206.72e6b45d@xeon-e3>
References: <259d01f7a94e1c4eadf9e57fe89be7cc@upnet.gr> <0d5ad82171cc381f5b5a8efd6a9f0f91@upnet.gr>
Subject: Re: [dpdk-users] Sequence Number /More info on the Subject

On Wed, 15 Aug 2018 17:17:48 +0300 Konstantinos Schoinas wrote:

> On 2018-08-15 12:22, Konstantinos Schoinas wrote:
> > -------- Original message --------
> > Subject: Sequence Number
> > Date: 2018-08-15 12:21
> > From: Konstantinos Schoinas
> > To: users
> >
> > Hello,
> >
> > I am building an application that blocks a TLS session if I find a specific
> > forbidden Server Name Indication.
> > According to the RFC I must make a response with Fatal Error (2)
> > unrecognized name (112).
> >
> > When I receive the Client Hello, and after I extract the SNI and check
> > it against a black list, I process the Client Hello in order to
> > respond to the client and terminate the session.
> >
> > However, I am getting a lot of retransmitted packets in Wireshark, so I
> > suppose I am doing something wrong.
> >
> > I think I might have the seq and ack numbers wrong or something. If anyone
> > could help I would appreciate it.
> > Here is the processing of the packet after I check for the forbidden SNI:
> >
> >   /* th, iphdr and ssl point into the received Client Hello segment held in mbuf m */
> >   uint32_t client_receive_ack = ntohl(th->recv_ack);
> >   uint32_t client_send_seq = ntohl(th->sent_seq);
> >
> >   /* reuse the client's ack as our seq; ack the client's seq plus the IP total length */
> >   th->sent_seq = th->recv_ack;
> >   th->recv_ack = htonl(client_send_seq + ntohs(iphdr->total_length));
> >
> >   /* shrink the TLS record to a 2-byte alert body and fix up the IP length */
> >   uint16_t l = ntohs(ssl->length) - 0x02;
> >   uint16_t ip_l = ntohs(iphdr->total_length) - l;
> >
> >   rte_pktmbuf_trim(m, l);
> >   iphdr->total_length = htons(ip_l);
> >   ssl->length = htons(2);
> >
> >   alert = (struct Alert *)((uint8_t *)ssl + 5);
> >
> >   /* swap addresses and ports so the segment goes back to the client */
> >   iphdr->src_addr = dst_ip;
> >   iphdr->dst_addr = src_ip;
> >   th->src_port = dst_port;
> >   th->dst_port = src_port;
> >   ssl->type = 21;           // alert message
> >   alert->type = 2;          // fatal error
> >   alert->description = 112; // Unrecognized name
> >
> >   /* recompute checksums over the modified headers */
> >   iphdr->hdr_checksum = 0;
> >   th->cksum = 0;
> >   iphdr->hdr_checksum = rte_ipv4_cksum(iphdr);
> >
> >   th->cksum = rte_ipv4_udptcp_cksum(iphdr, th);
> >
> > Thanks for your time
>
> I wanted to give some more information on the subject. I am adding a
> picture of Wireshark with the mail to give more info. The problem of the
> retransmitted packet is that it doesn't end the TLS session even though I
> am sending a fatal-error alert with DPDK.
>
> I believe that I do something wrong with the processing of the Client Hello, so
> it doesn't have the right format in order to get recognized by the client
> and end the TLS session.
>
> If you see my code above, I change the source and dest IP and port and the seq
> and ack values. In addition I am cutting from the SSL record the data that it
> had and I am adding the alert message according to the RFC.
>
> Is there any field I must change according to DPDK?

With wireshark, the easiest thing to attach is a pcap file with the flow in question.
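The seq/ack arithmetic and alert record that the thread is about, as an added C example that is not code from the thread or from DPDK: it works on header fields already parsed into host byte order instead of on rte_mbuf/rte_ipv4_hdr/rte_tcp_hdr, and the struct names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define TLS_ALERT_RECORD_LEN 7   /* 5-byte record header + 2-byte alert body */

/* Parsed fields of the captured ClientHello segment (host byte order). */
struct client_seg {
    uint32_t seq;           /* th->sent_seq */
    uint32_t ack;           /* th->recv_ack */
    uint16_t ip_total_len;  /* iphdr->total_length */
    uint8_t  ihl_words;     /* IPv4 IHL: header length / 4 */
    uint8_t  doff_words;    /* TCP data offset: header length / 4 */
};

/* Fields to write into the reply segment before recomputing checksums. */
struct reply_seg {
    uint32_t seq;
    uint32_t ack;
    uint16_t ip_total_len;
    uint8_t  alert[TLS_ALERT_RECORD_LEN];
};

/* TCP payload bytes carried by the client's segment: what the client actually sent. */
static uint16_t tcp_payload_len(const struct client_seg *c)
{
    uint16_t hdrs = (uint16_t)(c->ihl_words * 4u + c->doff_words * 4u);
    return c->ip_total_len > hdrs ? (uint16_t)(c->ip_total_len - hdrs) : 0;
}

/* Derive the reply: SEQ is the client's ACK (the next byte it expects from us),
 * ACK is the client's SEQ plus its TCP payload length. Adding the IP total
 * length instead, as the posted snippet does, acknowledges bytes the client
 * never sent; the client's TCP then treats the ACK as unacceptable, drops the
 * segment, and keeps retransmitting the ClientHello. */
static void plan_alert_reply(const struct client_seg *c, struct reply_seg *r)
{
    uint16_t payload = tcp_payload_len(c);
    r->seq = c->ack;
    r->ack = c->seq + payload;
    /* headers stay, the ClientHello payload is replaced by the 7-byte alert record */
    r->ip_total_len = (uint16_t)(c->ip_total_len - payload + TLS_ALERT_RECORD_LEN);

    r->alert[0] = 21;                        /* ContentType: alert */
    r->alert[1] = 0x03; r->alert[2] = 0x03;  /* record version: TLS 1.2 */
    r->alert[3] = 0x00; r->alert[4] = 0x02;  /* fragment length: 2 */
    r->alert[5] = 2;                         /* AlertLevel: fatal */
    r->alert[6] = 112;                       /* AlertDescription: unrecognized_name */
}
```

Convert r.seq, r.ack and r.ip_total_len back to network byte order with htonl/htons before writing them into the headers, then zero and recompute the IPv4 and TCP checksums as the posted code does.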