[dpdk-users] Sequence Number

Konstantinos Schoinas ece8537 at upnet.gr
Wed Aug 15 11:22:14 CEST 2018



-------- Original Message --------
Subject: Sequence Number
Date: 2018-08-15 12:21
From: Konstantinos Schoinas <ece8537 at upnet.gr>
To: users <users-bounces at dpdk.org>

Hello,

I am building an application that blocks a TLS session if I find a specific
forbidden Server Name Indication.
According to the RFC I must respond with Fatal Error (2)
unrecognized name (112).

When I receive the Client Hello, and after I extract the SNI and check it
against a blacklist, I process the Client Hello in order to respond
to the client and terminate the session.

However, I am getting a lot of retransmitted packets in Wireshark, so I
suppose I am doing something wrong.

I think I might have the seq and ack numbers wrong or something. If anyone
could help I would appreciate it.
Here is the processing of the packet after I check for the forbidden SNI:

uint32_t client_receive_ack = ntohl(th->recv_ack);
uint32_t client_send_seq = ntohl(th->sent_seq);

th->sent_seq = th->recv_ack;
th->recv_ack = htonl(client_send_seq + ntohs(iphdr->total_length));


uint16_t l = ntohs(ssl->length)-0x02;
uint16_t ip_l = ntohs(iphdr->total_length) - l;

rte_pktmbuf_trim(m,l);
iphdr->total_length = htons(ip_l);
ssl->length = htons(2);

alert = (struct Alert *)((uint8_t *)ssl + 5);


iphdr->src_addr = dst_ip;
iphdr->dst_addr = src_ip;
th->src_port = dst_port;
th->dst_port = src_port;
ssl->type = 21; //alert message
alert->type = 2; // fatal error
alert->description = 112; // Unrecognized name

iphdr->hdr_checksum = 0;
th->cksum = 0;
iphdr->hdr_checksum = rte_ipv4_cksum(iphdr);

th->cksum = rte_ipv4_udptcp_cksum(iphdr,th);




Thanks for your time
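
Added example, not part of the original message and not DPDK code: the snippet above adds the IPv4 total length to the client's sequence number, whereas a TCP acknowledgment number counts only the payload bytes received (plus one each for SYN and FIN). The sketch below derives the reply's seq, ack and IP total length from the raw received headers; `reply_numbers`, `struct reply_nums` and the sample packet are hypothetical names and constructed data, and it assumes the reply reuses the received header lengths, as the post does.

```c
#include <stddef.h>
#include <stdint.h>
#define TLS_ALERT_RECORD_LEN 7u /* 5-byte record header + 2-byte alert */

struct reply_nums {
    uint32_t seq;      /* sequence number the reply must carry */
    uint32_t ack;      /* acknowledgment number the reply must carry */
    uint16_t ip_total; /* IPv4 total length once trimmed to the alert */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* ip: start of the received IPv4 header; results are in host byte order. */
static int reply_numbers(const uint8_t *ip, size_t len, struct reply_nums *out)
{
    if (len < 40 || (ip[0] >> 4) != 4 || ip[9] != 6) return -1; /* not IPv4/TCP */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if (ihl < 20 || total > len || total < ihl + 20) return -1;
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || ihl + doff > total) return -1;
    /* Sequence space the client used: TCP payload only, no headers. */
    uint32_t consumed = (uint32_t)(total - ihl - doff);
    if (tcp[13] & 0x02) consumed++;      /* SYN takes one number */
    if (tcp[13] & 0x01) consumed++;      /* FIN takes one number */
    out->seq = be32(tcp + 8);            /* the client's ack: what it expects next */
    out->ack = be32(tcp + 4) + consumed; /* wraps modulo 2^32 */
    out->ip_total = (uint16_t)(ihl + doff + TLS_ALERT_RECORD_LEN);
    return 0;
}

/* Constructed sample: 20-byte IP + 20-byte TCP headers, 200 payload bytes. */
static uint8_t sample_pkt[240] = {
    0x45, 0, 0x00, 0xF0, 0, 0, 0x40, 0, 64, 6, 0, 0, /* total length 240 */
    192, 0, 2, 10, 192, 0, 2, 20,                    /* documentation addresses */
    0xC0, 0x00, 0x01, 0xBB,                          /* ports 49152 -> 443 */
    0, 0, 0x03, 0xE8, 0, 0, 0x13, 0x88,              /* client seq 1000, ack 5000 */
    0x50, 0x18, 0xFF, 0xFF, 0, 0, 0, 0               /* doff 5, PSH|ACK */
};

int main(void)
{
    struct reply_nums r;
    return reply_numbers(sample_pkt, sizeof sample_pkt, &r);
}
```

For the sample, the reply carries seq 5000 and ack 1200; adding the IP total length instead would give 1240, acknowledging 40 bytes the client never sent.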

