From 14ddfa689436caaab671ee9280e35d6b18c4741b Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 22 Apr 2021 14:28:10 +0700 Subject: [PATCH] add fatal error return value for sniffer --- src/sniffer.c | 39 ++++++++++++++++++++++++++++----------- wolfssl/sniffer_error.h | 7 +++++++ 2 files changed, 35 insertions(+), 11 deletions(-) diff --git a/src/sniffer.c b/src/sniffer.c index eb2bbf4f3..c5bfb7640 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -5335,7 +5335,10 @@ static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo, /* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */ -/* returns Number of bytes on success, 0 for no data yet, and -1 on error */ +/* returns Number of bytes on success, 0 for no data yet, and + * WOLFSSL_SNIFFER_ERROR on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state + * error + */ static int ssl_DecodePacketInternal(const byte* packet, int length, void* vChain, word32 chainSz, byte** data, SSLInfo* sslInfo, @@ -5363,13 +5366,14 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes, error) != 0) - return -1; + return WOLFSSL_SNIFFER_ERROR; end = sslFrame + sslBytes; ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; - else if (ret == -1) return -1; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) + return WOLFSSL_SNIFFER_FATAL_ERROR; + else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS if (sslBytes > 0) { 
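Review bot: The new `WOLFSSL_SNIFFER_FATAL_ERROR` return in the hunk at -5363 (repeated in the hunks at -5385, -5396 and -5417) widens the set of negative values the public decode functions can hand back. A caller that only tests `ret == -1` will no longer recognise this failure and could go on to use -2 as a byte count. The return comments should tell callers to test `ret < 0`, or to compare against both constants, before treating the value as a length. The helper results are also still compared with the literal, as in `else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;`; if the helpers are meant to return the new constant, `else if (ret == WOLFSSL_SNIFFER_ERROR)` would keep the two in step. The body of ssl_DecodePacketInternal starts and ends outside this hunk, so how the final `ret` is returned is not visible here.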
@@ -5385,8 +5389,9 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, } ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; - else if (ret == -1) return -1; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) + return WOLFSSL_SNIFFER_FATAL_ERROR; + else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslDecryptedPackets); @@ -5396,8 +5401,9 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes, &end, vChain, chainSz, error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; - else if (ret == -1) return -1; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) + return WOLFSSL_SNIFFER_FATAL_ERROR; + else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslDecryptedPackets); @@ -5417,7 +5423,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, #endif ret = ProcessMessage(sslFrame, session, sslBytes, data, end, ctx, error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) + return WOLFSSL_SNIFFER_FATAL_ERROR; if (CheckFinCapture(&ipInfo, &tcpInfo, session) == 0) { CopySessionInfo(session, sslInfo); } 
@@ -5427,7 +5434,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, /* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */ -/* returns Number of bytes on success, 0 for no data yet, and -1 on error */ +/* returns Number of bytes on success, 0 for no data yet, WOLFSSL_SNIFFER_ERROR. + * on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state error */ /* Also returns Session Info if available */ int ssl_DecodePacketWithSessionInfo(const unsigned char* packet, int length, unsigned char** data, SSLInfo* sslInfo, char* error) @@ -5438,7 +5446,8 @@ int ssl_DecodePacketWithSessionInfo(const unsigned char* packet, int length, /* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */ -/* returns Number of bytes on success, 0 for no data yet, and -1 on error */ +/* returns Number of bytes on success, 0 for no data yet, WOLFSSL_SNIFFER_ERROR. + * on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state error */ int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error) { return ssl_DecodePacketInternal(packet, length, NULL, 0, data, NULL, NULL, @@ -5448,6 +5457,8 @@ int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error) #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB +/* returns Number of bytes on success, 0 for no data yet, WOLFSSL_SNIFFER_ERROR. + * on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state error */ int ssl_DecodePacketWithSessionInfoStoreData(const unsigned char* packet, int length, void* ctx, SSLInfo* sslInfo, char* error) { @@ -5460,6 +5471,8 @@ int ssl_DecodePacketWithSessionInfoStoreData(const unsigned char* packet, #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT +/* returns Number of bytes on success, 0 for no data yet, WOLFSSL_SNIFFER_ERROR. + * on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state error */ int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data, char* error) { 
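Review bot: The reworded return comment in the hunk at -5427 has a stray period after `WOLFSSL_SNIFFER_ERROR`, which splits the sentence in two; the same text is repeated in the hunks at -5438, -5448 and -5460. I would write `/* returns Number of bytes on success, 0 for no data yet, WOLFSSL_SNIFFER_ERROR` followed by ` * on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state error */`. Because these are the public entry points, the comment could also say in one sentence what a caller is expected to do with the session after the fatal value, which the visible lines do not state.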
@@ -5473,6 +5486,10 @@ int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data, #if defined(WOLFSSL_SNIFFER_CHAIN_INPUT) && \ defined(WOLFSSL_SNIFFER_STORE_DATA_CB) +/* + * returns WOLFSSL_SNIFFER_ERROR on error and WOLFSSL_SNIFFER_FATAL_ERROR on + * fatal state error + */ int ssl_DecodePacketWithChainSessionInfoStoreData(void* vChain, word32 chainSz, void* ctx, SSLInfo* sslInfo, char* error) { diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h index e8411af4b..a0788f9bc 100644 --- a/wolfssl/sniffer_error.h +++ b/wolfssl/sniffer_error.h @@ -24,6 +24,13 @@ #ifndef WOLFSSL_SNIFFER_ERROR_H #define WOLFSSL_SNIFFER_ERROR_H + +/* General Sniffer Error */ +#define WOLFSSL_SNIFFER_ERROR -1 + +/* Sniffer failed and is in Fatal state */ +#define WOLFSSL_SNIFFER_FATAL_ERROR -2 + /* need to have errors as #defines since .rc files can't handle enums */ /* need to start at 1 and go in order for same reason */
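Review bot: The two new constants in wolfssl/sniffer_error.h expand to bare negative literals. Parenthesising them, `#define WOLFSSL_SNIFFER_ERROR (-1)` and `#define WOLFSSL_SNIFFER_FATAL_ERROR (-2)`, keeps each expansion a single operand wherever it appears in an expression. They also sit directly above the existing comment saying the defines must start at 1 and go in order, so a short remark that these two are function return codes and not part of that numbered list would avoid confusion. If the .rc consumer mentioned in that comment cannot accept parentheses, a comment saying so would be enough.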