Topic: where is .options.alertCount reset?

I have a question regarding the .options.alertCount member of a wolfSSL object:
When/where is this byte reset in the wolfSSL object?
I can see where it is incremented, but I don't see when/where it is reset. I assume there is a memset somewhere, but I can't seem to find it.

I am getting the -427 error sometimes in a client app (so I don't care about DoS attacks), and I am wondering if it makes sense to increase the limit to something big like 100 instead of the default 5, or would it still get tripped eventually (because it is not reset)?

Thank you in advance for the help.

Re: where is .options.alertCount reset?

Hello da,

Great question.  You can define the macro WOLFSSL_ALERT_COUNT_MAX to the max number of alerts you want to accept before throwing an error, so if you truly want to ignore alerts you can: #define WOLFSSL_ALERT_COUNT_MAX 9999
We do not reset the alert count in the code anywhere so this will eventually get tripped if enough alerts are accumulated.  The count is not reset until the WOLFSSL struct is freed.
I would recommend finding a way to fix the errors leading to alerts rather than ignoring/suppressing them.

Can you share some information about your project?  Are you working on a personal or commercial project?  Feel free to email us at support [AT] wolfssl [DOT] com if this information is sensitive.

Thanks,
Kareem

Re: where is .options.alertCount reset?

Thank you for the answer.
It would be great indeed to find out why the alerts happen, but I haven't dived yet into the details of the TCP implementation.
So I will indeed increase it for now to over 255, now that I know it is never reset.
The app runs continuously, so over time it is normal it will accumulate alerts.
I will say though that it would be great if I could manually reset the alert count, so I'd like it if you could expose a method that resets the alert count.
My understanding is that the alert count is there to ward off DoS attacks, but in my opinion it is one thing to get 5 alerts in 5 milliseconds and completely another to get 5 alerts over 5 days, so it would be great for all users of the library if they could keep track of the alerts themselves this way, since the user would know for how long the object existed, could keep the number of alerts in a bigger int etc., and they could decide at runtime whether they are facing a DoS or not.

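The time-windowed tracking proposed in the post above, sketched as an added example that is not part of the original thread and is not wolfSSL code. The names alert_tracker, alert_tracker_init and alert_tracker_record, the 5-alert burst size and the 1000 ms window are hypothetical; the application is assumed to call alert_tracker_record with a monotonic millisecond timestamp each time it observes an alert.

```c
#include <stdint.h>
#include <string.h>

#define ALERT_BURST 5  /* alerts tolerated inside one window (assumed policy) */

typedef struct {
    uint64_t stamp_ms[ALERT_BURST]; /* ring buffer: times of the last ALERT_BURST alerts */
    unsigned head;                  /* next slot to overwrite */
    unsigned filled;                /* slots in use */
    uint64_t total;                 /* lifetime count, 64-bit so it cannot wrap like a byte */
    uint64_t window_ms;             /* burst window length */
} alert_tracker;

void alert_tracker_init(alert_tracker *t, uint64_t window_ms)
{
    memset(t, 0, sizeof(*t));
    t->window_ms = window_ms;
}

/* Record one alert observed at now_ms (monotonic clock, assumed supplied by
 * the application). Returns 1 if the last ALERT_BURST alerts, this one
 * included, all fall within window_ms; otherwise 0. */
int alert_tracker_record(alert_tracker *t, uint64_t now_ms)
{
    t->total++;
    t->stamp_ms[t->head] = now_ms;
    t->head = (t->head + 1) % ALERT_BURST;
    if (t->filled < ALERT_BURST && ++t->filled < ALERT_BURST)
        return 0;                   /* too few alerts seen to form a burst */
    /* Buffer is full, so head now indexes the oldest retained timestamp. */
    return (now_ms - t->stamp_ms[t->head]) <= t->window_ms;
}

int main(void)
{
    const uint64_t day_ms = 86400000ULL;   /* constructed sample timestamps */
    alert_tracker t;
    int tripped = 0;
    alert_tracker_init(&t, 1000);
    for (uint64_t i = 0; i < 5; i++)       /* 5 alerts over 5 days */
        tripped |= alert_tracker_record(&t, i * day_ms);
    if (tripped) return 1;
    for (uint64_t i = 0; i < 5; i++)       /* 5 alerts in 5 ms */
        tripped |= alert_tracker_record(&t, 5 * day_ms + i);
    return tripped ? 0 : 2;
}
```
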

Re: where is .options.alertCount reset?

Hello da,

We can look into adding a manual reset for the alert count; we will need to open a feature request for this.  Please email us at support [AT] wolfssl [DOT] com to set this up.

Thanks,
Kareem
