diff --git a/src/sniffer.c b/src/sniffer.c index 1f905e634..bfacbf8f0 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1932,10 +1932,13 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, } #endif - if (session->sslServer->options.haveSessionId && - XMEMCMP(session->sslServer->arrays->sessionID, + if (session->sslServer->options.haveSessionId) { + if (XMEMCMP(session->sslServer->arrays->sessionID, session->sslClient->arrays->sessionID, ID_LEN) == 0) - doResume = 1; + doResume = 1; + else if (session->sslClient->options.haveSessionId) + INC_STAT(SnifferStats.sslResumeMisses); + } else if (session->sslClient->options.haveSessionId == 0 && session->sslServer->options.haveSessionId == 0 && session->ticketID) @@ -1962,6 +1965,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, session->flags.resuming = 1; Trace(SERVER_DID_RESUMPTION_STR); + INC_STAT(SnifferStats.sslResumedConns); if (SetCipherSpecs(session->sslServer) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); return -1; @@ -1988,6 +1992,9 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, return -1; } } + else { + INC_STAT(SnifferStats.sslStandardConns); + } #ifdef SHOW_SECRETS { int i; @@ -2305,6 +2312,8 @@ static int DoHandShake(const byte* input, int* sslBytes, break; case certificate: Trace(GOT_CERT_STR); + if (session->flags.side == WOLFSSL_CLIENT_END) + INC_STAT(SnifferStats.sslClientAuthConns); break; case server_hello_done: Trace(GOT_SERVER_HELLO_DONE_STR); diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index da9e0826b..5aadccae6 100644 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c 
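Review bot: In ProcessServerHello (hunk at -1932) the `XMEMCMP` that sets `doResume = 1` is still reached without testing `session->sslClient->options.haveSessionId`, although the new miss counter right below it does test that flag. If the client sent no session ID, the server's ID is compared against whatever `sslClient->arrays->sessionID` holds, and whether that buffer is zeroed is not visible here. Testing the client flag before the compare, `if (session->sslClient->options.haveSessionId && XMEMCMP(...) == 0)`, would make the resume decision and the statistic share one precondition. The unbraced `else if (...) INC_STAT(...);` also relies on INC_STAT expanding to exactly one statement in every build configuration, so braces on both branches are safer. The function body starts and ends outside the hunk.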
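Review bot: In the -1962 hunk `INC_STAT(SnifferStats.sslResumedConns);` runs before the result of `SetCipherSpecs()` is checked, so a resumption that then fails with `return -1` is still counted as a resumed connection. The `else { INC_STAT(SnifferStats.sslStandardConns); }` in the -1988 hunk has the same shape: it counts while the ServerHello is being processed, before the handshake is known to complete. If these counters feed monitoring or alerting, either move each increment past the last failure path of its branch or state the meaning next to it, for example `/* counted at ServerHello; includes handshakes that fail later */`. The enclosing branch begins and ends outside both hunks.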
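Review bot: In DoHandShake's `case certificate:` (hunk at -2305) the counter is incremented for any Certificate message seen from the client side, but a TLS client with no suitable certificate answers a CertificateRequest with an empty Certificate message. As a result `sslClientAuthConns` can count connections in which no client authentication took place. The message body is not inspected in the visible lines; unless it is parsed elsewhere, check that the certificate list is non-empty before counting, or document the field as "client Certificate messages seen". Bracing the `if` body would also keep it correct should INC_STAT expand to nothing or to several statements. The switch continues outside the hunk.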
@@ -89,6 +89,14 @@ static void FreeAll(void) static void sig_handler(const int sig) { + SSLStats sslStats; + ssl_ReadStatistics(&sslStats); + printf("SSL Stats (sslStandardConns):%u\n", sslStats.sslStandardConns); + printf("SSL Stats (sslClientAuthConns):%u\n", sslStats.sslClientAuthConns); + printf("SSL Stats (sslResumedConns):%u\n", sslStats.sslResumedConns); + printf("SSL Stats (sslResumeMisses):%u\n", sslStats.sslResumeMisses); + printf("SSL Stats (sslAlerts):%u\n", sslStats.sslAlerts); + printf("SIGINT handled = %d.\n", sig); FreeAll(); if (sig) diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h index 96371fcfe..66a78f005 100644 --- a/wolfssl/sniffer.h +++ b/wolfssl/sniffer.h @@ -137,11 +137,11 @@ SSL_SNIFFER_API int ssl_SetConnectionCtx(void* ctx); typedef struct SSLStats { unsigned int sslStandardConns; - unsigned int sslRehandshakeConns; + unsigned int sslRehandshakeConns; /* unsupported */ unsigned int sslClientAuthConns; unsigned int sslResumedConns; - unsigned int sslResumedRehandshakeConns; - unsigned int sslClientAuthRehandshakeConns; + unsigned int sslResumedRehandshakeConns; /* unsupported */ + unsigned int sslClientAuthRehandshakeConns; /* unsupported */ unsigned int sslEphemeralMisses; unsigned int sslResumeMisses; unsigned int sslCiphersUnsupported; @@ -153,9 +153,9 @@ typedef struct SSLStats unsigned int sslEncryptedBytes; unsigned int sslEncryptedPackets; unsigned int sslDecryptedPackets; - unsigned int sslEncryptedConns; - unsigned int sslKeyMatches; unsigned int sslEncryptedConnsPerSecond; + unsigned int sslKeyMatches; + unsigned int sslActiveEncryptedConnsPerSecond; unsigned int sslActiveFlowsPerSecond; } SSLStats;
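Review bot: In sig_handler, `sslStats` is printed without being initialised and without looking at the result of `ssl_ReadStatistics(&sslStats)`, so a failed read would print indeterminate stack contents. Clear it first with `memset(&sslStats, 0, sizeof(sslStats));` and print the counters only when the call reports success. Separately, this runs in a signal handler: `printf` is not async-signal-safe, and if `ssl_ReadStatistics` takes a lock that the interrupted packet path holds inside INC_STAT (not visible here), the handler can deadlock. Setting a `volatile sig_atomic_t` flag in the handler and printing the statistics from the main loop avoids both problems. The handler body continues outside the hunk.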
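Review bot: In the -153 hunk of wolfssl/sniffer.h, the public `SSLStats` struct keeps its size but two slots change meaning: the one that held `sslEncryptedConns` now holds `sslEncryptedConnsPerSecond`, and the one that held `sslEncryptedConnsPerSecond` now holds `sslActiveEncryptedConnsPerSecond`. A program built against the old header and linked to the new library will therefore read the wrong counters without any error, and source that names `sslEncryptedConns` will stop compiling. Keeping the old member in place, marked `/* unsupported */` like the fields in the -137 hunk, and appending `sslActiveEncryptedConnsPerSecond` after `sslActiveFlowsPerSecond` would preserve the layout. If the break is intended, it should be stated in a comment above the struct and in the release notes.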