From ac139dfe49a8a8e37e1c310f2efec4ee9c4e2fd1 Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Thu, 1 May 2025 14:27:35 -0400
Subject: [PATCH] Sniffer: Add multiple sessions by removing cached check
---
 .wolfssl_known_macro_extras | 1 +
 src/sniffer.c | 23 ++++++++++++++++++-----
 2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 3e728fa5f..490fdb587 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -449,6 +449,7 @@ SL_SE_KEY_TYPE_ECC_P521
 SL_SE_KEY_TYPE_ECC_X25519
 SL_SE_KEY_TYPE_ECC_X448
 SL_SE_PRF_HMAC_SHA1
+SNIFFER_SINGLE_SESSION_CACHE
 SOFTDEVICE_PRESENT
 SO_NOSIGPIPE
 SO_REUSEPORT
diff --git a/src/sniffer.c b/src/sniffer.c
index 4d0c8e1ca..d1de5b290 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -27,6 +27,7 @@
 /* Build Options:
 * WOLFSSL_SNIFFER_NO_RECOVERY: Do not track missed data count.
+ * SNIFFER_SINGLE_SESSION_CACHE: Do not cache more than one session.
 */
@@ -446,7 +447,6 @@ typedef struct Flags {
 byte serverCipherOn; /* indicates whether cipher is active */
 byte clientCipherOn; /* indicates whether cipher is active */
 byte resuming; /* did this session come from resumption */
- byte cached; /* have we cached this session yet */
 byte clientHello; /* processed client hello yet, for SSLv2 */
 byte finCount; /* get both FINs before removing */
 byte fatalError; /* fatal error state */
@@ -462,6 +462,9 @@ typedef struct Flags {
 #ifdef WOLFSSL_ASYNC_CRYPT
 byte wasPolled;
 #endif
+#ifdef SNIFFER_SINGLE_SESSION_CACHE
+ byte cached; /* have we cached this session yet */
+#endif
 } Flags;
@@ -3466,6 +3469,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
 if (IsAtLeastTLSv1_3(ssl->version)) {
 /* Note: Must use server session for sessions */
 #ifdef HAVE_SESSION_TICKET
+ WOLFSSL_SESSION* sess;
 if (SetTicket(session->sslServer, input, len) != 0) {
 SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
 return WOLFSSL_FATAL_ERROR;
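Review bot: The build-option line added in the `@@ -27,6 +27,7 @@` hunk of src/sniffer.c reads as a global limit of one cached session, but the flag it gates is per sniffer session (`byte cached; /* have we cached this session yet */` in `Flags`). Wording such as ` * SNIFFER_SINGLE_SESSION_CACHE: Insert each sniffer session into the session cache at most once (behaviour before this change).` would say what the macro actually controls. It would also help to note there that, without the macro, the cache lookup now runs each time the TLS 1.3 ticket path in ProcessSessionTicket or the success path in ProcessFinished is reached, since that is the new default.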
@@ -3474,10 +3478,11 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
 /* set haveSessionId to use the wolfSession cache */
 session->sslServer->options.haveSessionId = 1;
+ #ifdef SNIFFER_SINGLE_SESSION_CACHE
 /* Use the wolf Session cache to retain resumption secret */
 if (session->flags.cached == 0) {
- WOLFSSL_SESSION* sess = wolfSSL_GetSession(session->sslServer,
- NULL, 0);
+ #endif /* SNIFFER_SINGLE_SESSION_CACHE */
+ sess = wolfSSL_GetSession(session->sslServer, NULL, 0);
 if (sess == NULL) {
 SetupSession(session->sslServer);
 AddSession(session->sslServer); /* don't re add */
@@ -3485,8 +3490,10 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
 INC_STAT(SnifferStats.sslResumptionInserts);
 #endif
 }
+ #ifdef SNIFFER_SINGLE_SESSION_CACHE
 session->flags.cached = 1;
 }
+ #endif /* SNIFFER_SINGLE_SESSION_CACHE */
 #endif /* HAVE_SESSION_TICKET */
 }
 else
@@ -4405,7 +4412,11 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
 return ret;
 }
- if (ret == 0 && session->flags.cached == 0) {
+ if (ret == 0
+ #ifdef SNIFFER_SINGLE_SESSION_CACHE
+ && session->flags.cached == 0
+ #endif
+ ) {
 if (session->sslServer->options.haveSessionId) {
 #ifndef NO_SESSION_CACHE
 WOLFSSL_SESSION* sess = wolfSSL_GetSession(session->sslServer, NULL, 0);
@@ -4416,7 +4427,9 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
 INC_STAT(SnifferStats.sslResumptionInserts);
 #endif
 }
- session->flags.cached = 1;
+ #ifdef SNIFFER_SINGLE_SESSION_CACHE
+ session->flags.cached = 1;
+ #endif
 #endif
 }
 }
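Review bot: The `if (session->flags.cached == 0) {` opened under `#ifdef SNIFFER_SINGLE_SESSION_CACHE` in the `@@ -3474,10 +3478,11 @@` hunk is closed under a second `#ifdef` in the following hunk (`@@ -3485,8 +3490,10 @@`), so the brace structure of ProcessSessionTicket depends on the macro and the body keeps its extra indent level in the default build. The comment `/* Use the wolf Session cache to retain resumption secret */` is now compiled out together with the guard although the lookup it explains always runs; placing it above the `#ifdef` keeps it in both builds, and `/* don't re add */` on `AddSession` may no longer describe the default path. In the default build the number of `wolfSSL_GetSession` lookups per sniffer session follows the number of ticket messages in the captured traffic, with an insert after each miss, so a short comment stating what bounds cache growth or eviction would help; the cache implementation is not visible in this diff. The function body starts and ends outside the hunk.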
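Review bot: Splitting the `if` condition in ProcessFinished (`@@ -4405,7 +4412,11 @@`) with `#ifdef`/`#endif` between `ret == 0` and `) {` is hard to read and easy to break in a later edit, and the same conditional test also appears in ProcessSessionTicket. Consider defining the check once next to `Flags`, as a macro that expands to `((s)->flags.cached == 0)` when SNIFFER_SINGLE_SESSION_CACHE is defined and to `1` otherwise, so this line stays `if (ret == 0 && SESSION_NOT_CACHED(session)) {`. The matching `session->flags.cached = 1;` in the last hunk (`@@ -4416,7 +4427,9 @@`) could be wrapped the same way. `SESSION_NOT_CACHED` is a suggested name, not an identifier that exists in the file. ProcessFinished continues outside the hunk.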