[gnutls-help] heartbeat procedure

Joke de Buhr joke at seiken.de
Tue Apr 2 14:40:32 CEST 2013


despite my previous statement i think there may be other problems with the 
handshake procedure.

just to recall the test mini-dtls-heartbeat.c is working correctly. 
i enabled heartbeats:

    gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);

and i'm pinging the peer with

    gnutls_heartbeat_ping(session, 256, 0, 0);

changing it to 

    gnutls_heartbeat_ping(session, 256, 5, GNUTLS_HEARTBEAT_WAIT);

doesn't change the reported errors.

i tried various parameters but it change the odd heartbeat behavior.

i also tried sending out a ping request every 100ms in an endless loop. most 
of the time the pinged peer reports a -9 error during gnutls_receive() but 
sometimes a correct -293 error is reported. i tried increasing the size of the 
ping every ping request but it's not related to the problem.


the error originates in

    hb_len = _gnutls_read_uint16 (msg + 1);
    if (hb_len > len - 3)
      return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

and with hb_len being >10000 most of the time an len being 257.
if the correct -293 error is returned hb_len is 103 and len 257.

any ideas why the correct hb_len size might be calculated?


regards joke


|<7>| READ: Got 317 bytes from 0x1eaadc0
|<7>| READ: read 317 bytes from 0x1eaadc0
|<7>| RB: Have 0 bytes into buffer. Adding 317 bytes.
|<7>| RB: Requested 13 bytes
|<4>| REC[0x1eb1a60]: SSL 254.255 HeartBeat packet received. Epoch 1, length: 
304
|<4>| REC[0x1eb1a60]: Expected Packet Application Data(23)
|<4>| REC[0x1eb1a60]: Received Packet HeartBeat(24) with length: 304
|<4>| REC[0x1eb1a60]: Decrypted Packet[1.315] HeartBeat(24) with length: 257
|<2>| ASSERT: /build/lib/src/libgnutls/lib/ext/heartbeat.c:298
|<2>| ASSERT: /build/lib/src/libgnutls/lib/gnutls_record.c:1247
|<2>| ASSERT: /build/lib/src/libgnutls/lib/gnutls_record.c:1350
!!!!! receive(): -9
|<7>| READ: Got 317 bytes from 0x1eaadc0
|<7>| READ: read 317 bytes from 0x1eaadc0
|<7>| RB: Have 0 bytes into buffer. Adding 317 bytes.
|<7>| RB: Requested 13 bytes
|<4>| REC[0x1eb1a60]: SSL 254.255 HeartBeat packet received. Epoch 1, length: 
304
|<4>| REC[0x1eb1a60]: Expected Packet Application Data(23)
|<4>| REC[0x1eb1a60]: Received Packet HeartBeat(24) with length: 304
|<4>| REC[0x1eb1a60]: Decrypted Packet[1.316] HeartBeat(24) with length: 257
|<2>| ASSERT: /build/lib/src/libgnutls/lib/ext/heartbeat.c:313
|<2>| ASSERT: /build/lib/src/libgnutls/lib/gnutls_record.c:1247
|<2>| ASSERT: /build/lib/src/libgnutls/lib/gnutls_record.c:1350
!!!!! receive(): -293
|<4>| REC[0x1eb1a60]: Preparing Packet HeartBeat(24) with length: 222 and 
target length: 222
|<9>| ENC[0x1eb1a60]: cipher: AES-128-CBC, MAC: SHA1, Epoch: 1
|<7>| WRITE: enqueued 285 bytes for 0x1eaadc0. Total 285 bytes.
|<7>| WRITE FLUSH: 285 bytes in buffer.
|<7>| WRITE: wrote 285 bytes, 0 bytes left.
|<4>| REC[0x1eb1a60]: Sent Packet[4] HeartBeat(24) in epoch 1 and length: 285



On Wednesday 27 March 2013 15:47:22 you wrote:
> Thanks for pointing out the test file. It ran successfully and upon further
> investigation I discovered a flow in the pull function i wrote which only
> affected heartbeats. This fixed heartbeats are working.
> 
> regards
> Joke
> 
> On Tuesday 26 March 2013 13:09:43 you wrote:
> > On Tue, Mar 26, 2013 at 12:34 PM, Joke de Buhr <joke at seiken.de> wrote:
> > > sorry, during writing the email the function names got mixed up. i'm
> > > setting>
> > > 
> > >     gnutls_heartbeat_enable(session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND);
> > > 
> > > and on the client side and
> > > 
> > >     gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
> > 
> > Then my advice would be to focus on the second part of the initial answer.
> > 
> > >> Check tests/mini-dtls-heartbeat.c.
> > 
> > Does this test run successfully? If yes, did you try to send
> > heartbeats the same way it does?
> > 
> > regards,
> > Nikos



More information about the Gnutls-help mailing list