diff --git a/src/sniffer.c b/src/sniffer.c
index 25a46ef09..d28b91599 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -240,7 +240,10 @@ static const char* const msgTable[] =
 "Late Key Load Error",
 "Got Certificate Status msg",
 "RSA Key Missing Error",
- "Secure Renegotiation Not Supported"
+ "Secure Renegotiation Not Supported",
+
+ /* 76 */
+ "Get Session Stats Failure"
 };
@@ -357,6 +360,13 @@ static SnifferSession* SessionTable[HASH_SIZE];
 static wolfSSL_Mutex SessionMutex;
 static int SessionCount = 0;
+/* Recovery of missed data switches and stats */
+static wolfSSL_Mutex RecoveryMutex; /* for stats */
+static int RecoveryEnabled = 0; /* global switch */
+static int MaxRecoveryMemory = -1; /* per session max recovery memory */
+static word32 MissedDataSessions = 0; /* # of sessions with missed data */
+static word32 ReassemblyMemory = 0; /* total reassembly memory in use */
+
 /* Initialize overall Sniffer */
 void ssl_InitSniffer(void)
@@ -364,6 +374,7 @@ void ssl_InitSniffer(void)
 wolfSSL_Init();
 InitMutex(&ServerListMutex);
 InitMutex(&SessionMutex);
+ InitMutex(&RecoveryMutex);
 }
@@ -485,6 +496,7 @@ void ssl_FreeSniffer(void)
 UnLockMutex(&SessionMutex);
 UnLockMutex(&ServerListMutex);
+ FreeMutex(&RecoveryMutex);
 FreeMutex(&SessionMutex);
 FreeMutex(&ServerListMutex);
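Review bot: In the src/sniffer.c hunk at -357, `RecoveryMutex` is marked `/* for stats */`, which leaves `RecoveryEnabled` and `MaxRecoveryMemory` with no stated synchronization; `ssl_EnableRecovery` (hunk at -2980) writes both with no lock held, the switch first and the limit second. If the packet-decoding path reads them on another thread (that code is not in this diff), it could observe recovery enabled with the previous limit, which starts out as -1, i.e. unlimited. Either take `RecoveryMutex` around the two stores and the matching reads, or document the contract on the declarations, e.g. `/* set via ssl_EnableRecovery() before decoding starts; not protected by RecoveryMutex */`.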
@@ -2980,6 +2992,49 @@ int ssl_Trace(const char* traceFile, char* error)
 }
+/* Enables/Disables Recovery of missed data if later packets allow
+ * maxMemory is number of bytes to use for reassembly buffering per session,
+ * -1 means unlimited
+ * returns 0 on success, -1 on error */
+int ssl_EnableRecovery(int onOff, int maxMemory, char* error)
+{
+ (void)error;
+
+ RecoveryEnabled = onOff;
+ if (onOff)
+ MaxRecoveryMemory = maxMemory;
+
+ return 0;
+}
+
+
+
+int ssl_GetSessionStats(unsigned int* active, unsigned int* total,
+ unsigned int* peak, unsigned int* maxSessions,
+ unsigned int* missedData, unsigned int* reassemblyMem,
+ char* error)
+{
+ int ret;
+
+ LockMutex(&RecoveryMutex);
+
+ if (missedData)
+ *missedData = MissedDataSessions;
+ if (reassemblyMem)
+ *reassemblyMem = ReassemblyMemory;
+
+ UnLockMutex(&RecoveryMutex);
+
+ ret = wolfSSL_get_session_stats(active, total, peak, maxSessions);
+
+ if (ret == SSL_SUCCESS)
+ return 0;
+ else {
+ SetError(BAD_SESSION_STATS, error, NULL, 0);
+ return -1;
+ }
+}
+
 #endif /* WOLFSSL_SNIFFER */
diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h
index a14f883ff..495045d71 100644
--- a/wolfssl/sniffer.h
+++ b/wolfssl/sniffer.h
@@ -40,10 +40,10 @@ extern "C" {
 #endif
-/* @param typeK: (formerly keyType) was shadowing a global declaration in
+/* @param typeK: (formerly keyType) was shadowing a global declaration in
 * wolfssl/wolfcrypt/asn.h line 175 */
-WOLFSSL_API
+WOLFSSL_API
 SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port, const char* keyFile, int typeK, const char* password, char* error);
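Review bot: In the src/sniffer.c hunk at -2980, `ssl_EnableRecovery` stores `maxMemory` without checking it, so 0 and negative values other than the documented -1 are accepted, and the function can never return the -1 its comment promises. The reassembly buffers this limit governs are filled from captured traffic, so -1 (also the initial value of `MaxRecoveryMemory`) leaves per-session buffering bounded only by what arrives on the wire, assuming the enforcement code, which is not in this diff, treats it as documented. I would reject out-of-range input with `if (onOff && maxMemory < -1) return -1;` after setting an error string, and say in the comment that -1 removes the cap entirely. In `ssl_GetSessionStats`, `*missedData` and `*reassemblyMem` are written before `wolfSSL_get_session_stats` can fail, so a -1 return leaves the outputs partly updated; making that call first would avoid it.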
@@ -54,19 +54,30 @@ SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name, const char* keyFile, int typeK, const char* password, char* error);
-WOLFSSL_API
+WOLFSSL_API
 SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length, unsigned char* data, char* error);
-WOLFSSL_API
+WOLFSSL_API
 SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error);
-
-
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_EnableRecovery(int onOff, int maxMemory, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_GetSessionStats(unsigned int* active,
+ unsigned int* total,
+ unsigned int* peak,
+ unsigned int* maxSessions,
+ unsigned int* missedData,
+ unsigned int* reassemblyMemory,
+ char* error);
+
 WOLFSSL_API void ssl_InitSniffer(void);
-
+
 WOLFSSL_API void ssl_FreeSniffer(void);
-
+
 /* ssl_SetPrivateKey typeKs */
 enum {
 FILETYPE_PEM = 1,
diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h
index 56fada416..e459ec858 100644
--- a/wolfssl/sniffer_error.h
+++ b/wolfssl/sniffer_error.h
@@ -101,13 +101,15 @@
 #define BAD_COMPRESSION_STR 67
 #define BAD_DERIVE_STR 68
 #define ACK_MISSED_STR 69
-#define BAD_DECRYPT 70
+#define BAD_DECRYPT 70
 #define DECRYPT_KEYS_NOT_SETUP 71
 #define CLIENT_HELLO_LATE_KEY_STR 72
 #define GOT_CERT_STATUS_STR 73
 #define RSA_KEY_MISSING_STR 74
 #define NO_SECURE_RENEGOTIATION 75
+
+#define BAD_SESSION_STATS 76
 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
diff --git a/wolfssl/sniffer_error.rc b/wolfssl/sniffer_error.rc
index 3c748193e..8b942b257 100644
--- a/wolfssl/sniffer_error.rc
+++ b/wolfssl/sniffer_error.rc
@@ -90,5 +90,7 @@ STRINGTABLE
 73, "Got Certificate Status msg"
 74, "RSA Key Missing Error"
 75, "Secure Renegotiation Not Supported"
+
+ 76, "Get Session Stats Failure"
 }
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 5a8ce7b01..3aa6a8d03 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
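Review bot: The two prototypes added in the wolfssl/sniffer.h hunk at -54, `ssl_EnableRecovery` and `ssl_GetSessionStats`, are public API with no comment, so a caller cannot tell from the header that `maxMemory` is a per-session byte count with -1 meaning unlimited, or which output pointers may be NULL. Going by the sniffer.c hunk, only `missedData` and `reassemblyMemory` are NULL-checked; the other four are passed straight to `wolfSSL_get_session_stats`, whose NULL handling is not visible here. Suggested comments: `/* maxMemory: per-session reassembly limit in bytes, -1 = unlimited; returns 0 on success, -1 on error */` and `/* missedData and reassemblyMemory may be NULL; returns 0 on success, -1 on error */`. The last stats parameter is named `reassemblyMemory` here but `reassemblyMem` in sniffer.c; one name in both places keeps the declaration and definition easy to match.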
@@ -932,11 +932,20 @@ static char *fgets(char *buff, int sz, FILE *fp)
 #endif
-/* sniffer requires static RSA cipher suites */
+/* sniffer requires:
+ * static RSA cipher suites
+ * session stats and peak stats
+ */
 #ifdef WOLFSSL_SNIFFER
 #ifndef WOLFSSL_STATIC_RSA
 #define WOLFSSL_STATIC_RSA
 #endif
+ #ifndef WOLFSSL_SESSION_STATS
+ #define WOLFSSL_SESSION_STATS
+ #endif
+ #ifndef WOLFSSL_PEAK_SESSIONS
+ #define WOLFSSL_PEAK_SESSIONS
+ #endif
 #endif
 /* Place any other flags or defines here */