ARMmbed

Mbedtls_ssl_write doesn't verify ACK packet?

Hi guys,

I’m using lib mbedtls 2.13.0, I currently have an issue that function mbedtls_ssl_write return 0 (success on write) without verifying ACK packet from the receiver. I tried to shut down network connection on my device and mbedtls_ssl_write also return 0.

It’s kinda strange because I have chose TCP protocol MBEDTLS_NET_PROTO_TCP when connecting with mbedtls_net_connect.

What am I doing wrong? If mbedtls_ssl_write couldn’t handle the verifying ACK, how should I resolve it manually?

Thanks in advanced.

Hi @sinhviencodon
Thank you for your question!

As mentioned in the function documentation :

 * \return         The (non-negative) number of bytes actually written if
 *                 successful (may be less than \p len). 

So, if you the functions returned 0, then it doesn’t mean it’s a success on write, but the number of bytes written.
Please enable logs to understand why the function returns 0.
Note that Mbed TLS is a TLS stack, and doesn’t handle the TCP stack messages.
Have you verified with a network sniffer such as wireshark that ACK is indeed not received?
Regards,
Mbed TLS Team member
Ron

Hi @roneld01, thanks for your reply.

If mbedtls_ssl_write returns bytes that written then how should I differ these cases:

  • Something went wrong and 0 bytes was written.
  • Device’s network shut down. (I enabled debug mod with mbedtls_ssl_conf_dbg and mbedtls_debug_set_threshold but there is no error log in this case, only 0 is returned as above case).
  • Device doesn’t receive ACK from host at all. (I met this situation once but I haven’t managed to reproduce the case but I wonder what is the expected behavior for this case?)

Hi @sinhviencodon

  • Something went wrong and 0 bytes was written.

In this case you should be getting an error code, not 0

  • Device’s network shut down. (I enabled debug mod with mbedtls_ssl_conf_dbg and mbedtls_debug_set_threshold but there is no error log in this case, only 0 is returned as above case).

Can you trace where the 0 is returned from? Is it from your bio write callback or from the Mbed TLS code?

  • Device doesn’t receive ACK from host at all. (I met this situation once but I haven’t managed to reproduce the case but I wonder what is the expected behavior for this case?)

Again, this is in the TCP stack. You should probably look at your bio callback implementations.

Regards

Hi @roneld01,

Again, this is in the TCP stack. You should probably look at your bio callback implementations.

Sorry for the misunderstanding, I use mbedtls_net_send and mbedtls_net_recv, which are packed within mbedtls package, as callback functions to send/receive packet.

Can you trace where the 0 is returned from? Is it from your bio write callback or from the Mbed TLS code?

My bad, the 0 returned is from another wrapper. The correct behavior is:

  • I disconnect my device’s network.
  • Then I try to send a PING packet with 2 bytes data.
  • The result is that mbedtls_ssl_write returns 2 bytes were written.

Therefore, maybe something wrong with mbedtls_net_send because it doesn’t fire any complaint about missing ACK?
Or mbedtls_ssl_write doesn’t handle errors returned by mbedtls_net_send and I have to handle it by myself?

Edit: I just figured out that mbedtls_net_send uses write, which only returns byte that written into OS kernel. Seem like I have to implement an acknowledgement mechanism on app-level to verify whether the server side receive my message or not.

Thanks alot for you support.

Best regards.

Hi @sinhviencodon

Edit : I just figured out that mbedtls_net_send uses write , which only returns byte that written into OS kernel. Seem like I have to implement an acknowledgement mechanism on app-level to verify whether the server side receive my message or not.

Yes, this is what I was trying to explain, sorry for not explaining correct.
Regards,
Ron