HTTPS/TLS issue on a NDIS wrapped NIC

Simone Lombardo evil.lombo at gmail.com
Sat Feb 7 14:05:51 UTC 2015


Hi,

I am currently facing an issue and I don't know how to investigate and
address it.

I am currently using the FreeBSD 10.1 release on a laptop with an
RTL8188CE wireless chipset. A native driver is not available, so I
am using the NDIS 5.1 driver via the NDIS wrapper.

The wrapper is working fine for most application protocols, except when
using HTTPS/TLS in browsers. In this case, the following situations arise:
- Systematically, HTTPS/TLS communication fails nearly immediately when
trying to upload a binary file (e.g. an image on an image hosting site).
Monitoring via tcpdump/wireshark shows encrypted alerts (21) and the
connection is reset by the remote peer. Since the first point is recurring,
I am going to set up a test web server in order to decrypt the payload and
read the encrypted alert.

- Randomly, HTTPS/TLS communication enters a retransmission loop, stalling
all other HTTPS/TLS connections. Monitoring via tcpdump/wireshark shows a high
density of duplicate ACKs, and after a while the TCP stack initiates a
retransmission, keeping the connection stalled until the remote host
resets the connection and the buffers are flushed.

The issue is not present when using a USB wireless dongle or the bundled
wired card, where a native driver is available, so it seems specific to the NDIS
wrapper, though I have no other wireless cards to try atm. I tried to tune
TCP settings via sysctl, but I have not gained any results yet.

Any indications or hints on where I should look to discover the origin of
the issue (especially for the second point) are greatly appreciated.

Best regards,

Simone
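
Added example, not part of the original post: a minimal TLS record-layer parser showing why a capture tool can only label a type-21 record as an "encrypted alert" once change_cipher_spec has been seen, while a plaintext alert still exposes its level and description. It assumes TLS 1.2 or earlier record framing and one direction of an already reassembled TCP stream; the function name and the sample bytes are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

# Constructed sample: one direction of a TLS 1.2 stream (bodies are filler bytes).
SAMPLE = (
    bytes.fromhex("1603030004") + b"\x00" * 4     # handshake record
    + bytes.fromhex("140303000101")               # change_cipher_spec
    + bytes.fromhex("160303000c") + b"\xaa" * 12  # handshake, now encrypted
    + bytes.fromhex("150303001a") + b"\xbb" * 26  # alert (21), body is ciphertext
)
# Constructed sample: an alert sent before encryption starts: fatal(2), code 20.
PLAINTEXT_ALERT = bytes.fromhex("15030300020214")


def parse_tls_records(stream: bytes):
    """Walk the 5-byte record headers (type, version, length) in a byte stream."""
    records, offset, encrypted = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            # Not enough bytes left for a header: capture ended mid-record.
            records.append({"type": "partial_header", "offset": offset})
            break
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        rec = {
            "type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "version": f"0x{version:04x}",
            "length": length,
            "encrypted": encrypted,
            "truncated": len(body) < length,
        }
        # A plaintext alert is exactly two bytes: level and description.
        # After change_cipher_spec the body is ciphertext and cannot be read
        # without the session keys, hence "encrypted alert" in the capture.
        if ctype == 21 and not encrypted and len(body) == 2:
            rec["level"], rec["description"] = body[0], body[1]
        if ctype == 20:
            encrypted = True  # every later record from this sender is protected
        records.append(rec)
        offset += 5 + length
    return records


if __name__ == "__main__":
    for record in parse_tls_records(SAMPLE) + parse_tls_records(PLAINTEXT_ALERT):
        print(record)
```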