From 5a4c1d99a32318998c6141e1517350ee1bcc50aa Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Tue, 13 May 2025 15:16:02 -0600
Subject: [PATCH 1/2] Expose RemoveStaleSessions sniffer API
---
 src/sniffer.c | 6 ++++++
 wolfssl/sniffer.h | 2 ++
 2 files changed, 8 insertions(+)
diff --git a/src/sniffer.c b/src/sniffer.c
index d1de5b290..dd6e5e4a6 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -5129,6 +5129,12 @@ static void RemoveStaleSessions(void)
 }
 }
+void ssl_RemoveStaleSessions(void)
+{
+ LOCK_SESSION();
+ RemoveStaleSessions();
+ UNLOCK_SESSION();
+}
 /* Create a new Sniffer Session */
 static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h
index 929fcdc9d..189798609 100644
--- a/wolfssl/sniffer.h
+++ b/wolfssl/sniffer.h
@@ -150,6 +150,8 @@ SSL_SNIFFER_API void ssl_InitSniffer_ex2(int threadNum);
 WOLFSSL_API
 SSL_SNIFFER_API void ssl_FreeSniffer(void);
+WOLFSSL_API
+SSL_SNIFFER_API void ssl_RemoveStaleSessions(void);
 /* ssl_SetPrivateKey typeKs */
 enum {
From 4af0e14e7b5206a9208ee292aa01793ec5e822fc Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Wed, 14 May 2025 11:47:33 -0600
Subject: [PATCH 2/2] Add ssl_RemoveSession API
---
 src/sniffer.c | 100 ++++++++++++++++++++++++++++++++++++++++++++++
 wolfssl/sniffer.h | 5 +++
 2 files changed, 105 insertions(+)
diff --git a/src/sniffer.c b/src/sniffer.c
index dd6e5e4a6..f6a43736a 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
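Review bot: The new public `ssl_RemoveStaleSessions` in src/sniffer.c has no comment stating its locking contract, which is the only thing that distinguishes it from the static `RemoveStaleSessions` it wraps. Because it takes the session lock itself through `LOCK_SESSION()`, calling it from a context that already holds that lock would deadlock if the lock is not recursive; whether it is recursive cannot be seen in this hunk. I would add a comment above the definition and above the declaration in wolfssl/sniffer.h, for example `/* Remove stale sessions from the session table. Takes the session lock; do not call while it is held. */`.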
@@ -7626,6 +7626,106 @@ int ssl_LoadSecretsFromKeyLogFile(const char* keylogfile, char* error)
 #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+/*
+ * Removes a session from the SessionTable based on client/server IP & ports
+ * Returns 0 if a session was found and freed, -1 otherwise
+ */
+int ssl_RemoveSession(const char* clientIp, int clientPort,
+ const char* serverIp, int serverPort,
+ char* error)
+{
+ IpAddrInfo clientAddr;
+ IpAddrInfo serverAddr;
+ IpInfo ipInfo;
+ TcpInfo tcpInfo;
+ SnifferSession* session;
+ int ret = -1; /* Default to not found */
+ word32 row;
+
+ if (clientIp == NULL || serverIp == NULL) {
+ SetError(BAD_IPVER_STR, error, NULL, 0);
+ return ret;
+ }
+
+ /* Set up client IP address */
+ clientAddr.version = IPV4;
+ clientAddr.ip4 = XINET_ADDR(clientIp);
+ if (clientAddr.ip4 == XINADDR_NONE) {
+ #ifdef FUSION_RTOS
+ if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6,
+ sizeof(clientAddr.ip4)) == 1)
+ #else
+ if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6) == 1)
+ #endif
+ {
+ clientAddr.version = IPV6;
+ }
+ else {
+ SetError(BAD_IPVER_STR, error, NULL, 0);
+ return ret;
+ }
+ }
+
+ /* Set up server IP address */
+ serverAddr.version = IPV4;
+ serverAddr.ip4 = XINET_ADDR(serverIp);
+ if (serverAddr.ip4 == XINADDR_NONE) {
+ #ifdef FUSION_RTOS
+ if (XINET_PTON(AF_INET6, serverIp, serverAddr.ip6,
+ sizeof(serverAddr.ip4)) == 1)
+ #else
+ if (XINET_PTON(AF_INET6, serverIp, serverAddr.ip6) == 1)
+ #endif
+ {
+ serverAddr.version = IPV6;
+ }
+ else {
+ SetError(BAD_IPVER_STR, error, NULL, 0);
+ return ret;
+ }
+ }
+
+ XMEMSET(&ipInfo, 0, sizeof(ipInfo));
+ XMEMSET(&tcpInfo, 0, sizeof(tcpInfo));
+
+ /* Set up client->server direction */
+ ipInfo.src = clientAddr;
+ ipInfo.dst = serverAddr;
+ tcpInfo.srcPort = clientPort;
+ tcpInfo.dstPort = serverPort;
+
+ /* Calculate the hash row for this session */
+ row = SessionHash(&ipInfo, &tcpInfo);
+
+ LOCK_SESSION();
+
+ /* Search only the specific row in the session table */
+ session = SessionTable[row];
+
+ while (session) {
+ SnifferSession* next = session->next;
+
+ /* Check if this session matches the specified client/server IP/port */
+ if (MatchAddr(session->client, clientAddr) &&
+ MatchAddr(session->server, serverAddr) &&
+ session->cliPort == clientPort &&
+ session->srvPort == serverPort) {
+
+ /* Use RemoveSession to remove and free the session */
+ RemoveSession(session, NULL, NULL, row);
+ ret = 0; /* Session found and freed */
+ break;
+ }
+
+ session = next;
+ }
+
+ UNLOCK_SESSION();
+
+ return ret;
+}
+
+
 #undef ERROR_OUT
 #endif /* WOLFSSL_SNIFFER */
diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h
index 189798609..81543d44e 100644
--- a/wolfssl/sniffer.h
+++ b/wolfssl/sniffer.h
@@ -345,6 +345,11 @@ typedef int (*SSLSnifferSecretCb)(unsigned char* client_random,
 #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_RemoveSession(const char* clientIp, int clientPort,
+ const char* serverIp, int serverPort,
+ char* error);
+
 #ifdef __cplusplus
 } /* extern "C" */
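Review bot: In `ssl_RemoveSession` (src/sniffer.c) the two `FUSION_RTOS` branches pass `sizeof(clientAddr.ip4)` and `sizeof(serverAddr.ip4)` as the length argument while the destination is the `ip6` member, so the IPv6 parse appears to be given the size of the wrong field; assuming that argument is the destination size, `sizeof(clientAddr.ip6)` and `sizeof(serverAddr.ip6)` look like what is intended. `clientPort` and `serverPort` arrive as `int` and are hashed and compared without a range check, so I would reject out-of-range values before calling `SessionHash`, e.g. `if (clientPort < 0 || clientPort > 0xFFFF || serverPort < 0 || serverPort > 0xFFFF) return ret;`. The header comment should also state the threading contract: the lock taken here covers only the table walk and `RemoveSession` frees the session, so whether another thread can still hold a pointer to it, and whether `RemoveSession` takes the same lock itself, depends on code outside this hunk. The two address-parsing stanzas differ only in variable names and would read better as one static helper.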