1

(7 replies, posted in wolfSSL)

Sniffer decrypting usually works when not going through an F5 load balancer, but works when clients go directly to the servers and bypass the F5. At first we thought it was Diffie-Hellman, but we made sure it is turned off. Here is what I think points to the problem in the log. The message "Decrypt Keys Not Set Up" is what I see different between setups that work and setups that don't work. What could this mean?

Fri Jan 22 11:02:48 2016
    Got a Packet to decode, packet 6
    dst:10.49.10.133 src:10.49.10.143
    Checking IP Header
    dstPort:42684 srcPort:8081
    Checking TCP Header
    Sequence:3730116796, payload length:86
    Ack:104 Expected:104
    Expected sequence:1, received sequence:1
    Got a HandShake msg
    Got Server Hello msg
    Couldn't Resume Session Error

Fri Jan 22 11:02:48 2016
    Got a Packet to decode, packet 7
    dst:10.49.10.133 src:10.49.10.143
    Checking IP Header
    dstPort:42684 srcPort:8081
    Checking TCP Header
    Sequence:3730116882, payload length:59
    Ack:104 Expected:104
    Expected sequence:87, received sequence:87
    Session in Fatal Error State
    Got a Change Cipher Spec msg
    Another msg to Process
    Decrypt Keys Not Set Up

Fri Jan 22 11:02:48 2016
    Got a Packet to decode, packet 8
    dst:10.49.10.143 src:10.49.10.133
    Checking IP Header
    dstPort:8081 srcPort:42684
    Checking TCP Header
    Sequence:1171883772, payload length:0
    Ack:87 Expected:146
    Expected sequence:104, received sequence:104
    Session in Fatal Error State
    Partial SSL record received

2

(7 replies, posted in wolfSSL)

Changing an old performance monitor that had SSL for TLS 1.0 and hasn't been updated since 2010 or so. Trying to add TLS 1.1 and 1.2. Found wolfSSL and thought it might be a great tool for doing this. The old code used the pcap_loop with a callback. Suggestions? I assume a rewrite of the CheckHeaders function in sniffer.c may be needed.

3

(7 replies, posted in wolfSSL)

I'm using the pcap_loop callback then trying to use ssl_DecodePacket to decode in the callback function.  I'm getting an error in the trace:
Got a Packet to decode, packet 51
        dst:1.205.113.131 src:8.0.69.0
        Checking IP Header
        Wrong IP Version

It all works fine when I use: pcap_next

How can I fix "ssl_DecodePacket" to work in a callback function?
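
Added example (not part of the original post and not wolfSSL code): the addresses in the trace above, src:8.0.69.0 and dst:1.205.113.131, are what appears when an Ethernet frame is read as if the IPv4 header started at byte 0, because 08 00 is the IPv4 EtherType and 45 00 are the first two bytes of an IPv4 header. The frame below is constructed, `peek_ip` is a hypothetical helper, and the assumption is an Ethernet capture with a 14-byte link header.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_HDR_LEN 14  /* dst MAC (6) + src MAC (6) + EtherType (2) */

/* Constructed sample frame: Ethernet header followed by a 20-byte IPv4 header. */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55,            /* dst MAC */
    0x66,0x77,0x88,0x99,0xaa,0xbb,            /* src MAC */
    0x08,0x00,                                /* EtherType: IPv4 */
    0x45,0x00,0x01,0xcd,0x71,0x83,0x40,0x00,  /* ver/IHL, TOS, len, id, flags */
    0x40,0x06,0x00,0x00,                      /* TTL, proto TCP, checksum (not computed) */
    192,0,2,1,                                /* src (documentation address) */
    192,0,2,2                                 /* dst (documentation address) */
};

/* Read the buffer as if an IPv4 header started at `off`.
 * Returns the version nibble (4 for IPv4), or -1 if the buffer is too short. */
static int peek_ip(const uint8_t *buf, size_t len, size_t off,
                   char src[16], char dst[16])
{
    if (len < off + 20) return -1;
    const uint8_t *ip = buf + off;
    snprintf(src, 16, "%d.%d.%d.%d", ip[12], ip[13], ip[14], ip[15]);
    snprintf(dst, 16, "%d.%d.%d.%d", ip[16], ip[17], ip[18], ip[19]);
    return ip[0] >> 4;
}

int main(void)
{
    char src[16], dst[16];
    /* Link header not skipped: version comes from the first MAC byte. */
    int v = peek_ip(sample_frame, sizeof sample_frame, 0, src, dst);
    printf("offset 0:  version %d src:%s dst:%s\n", v, src, dst);
    if (strcmp(src, "8.0.69.0") == 0)
        puts("  src is EtherType 08 00 followed by IP bytes 45 00");
    /* Link header skipped: the real IPv4 header is parsed. */
    v = peek_ip(sample_frame, sizeof sample_frame, ETHER_HDR_LEN, src, dst);
    printf("offset 14: version %d src:%s dst:%s\n", v, src, dst);
    return 0;
}
```

If that is the cause here, the callback would need to advance the packet pointer past the link-layer header, and shorten the length by the same amount, before passing the buffer to the decoder.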