Merge branch 'master' of github.com:cyassl/cyassl

src/sniffer.c

@@ -1110,6 +1110,8 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
     XMEMCPY(session->sslServer->arrays.sessionID, input, ID_LEN);
     input     += b;
     *sslBytes -= b;
+    if (b)
+        session->sslServer->options.haveSessionId = 1;
     
     (void)*input++;  /* eat first byte, always 0 */
     b = *input++;
@@ -1117,8 +1119,9 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
     session->sslClient->options.cipherSuite = b;
     *sslBytes -= SUITE_LEN;
     
-    if (XMEMCMP(session->sslServer->arrays.sessionID,
+    if (session->sslServer->options.haveSessionId &&
-               session->sslClient->arrays.sessionID, ID_LEN) == 0) {
+                XMEMCMP(session->sslServer->arrays.sessionID,
+                        session->sslClient->arrays.sessionID, ID_LEN) == 0) {
         /* resuming */
         SSL_SESSION* resume = GetSession(session->sslServer,
                                        session->sslServer->arrays.masterSecret);
@@ -1271,6 +1274,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
                 ret = DoFinished(ssl, input, &inOutIdx, SNIFF);
                 
                 if (ret == 0 && session->flags.cached == 0) {
+                    session->sslServer->options.haveSessionId = 1;
                     AddSession(session->sslServer);
                     session->flags.cached = 1;
                 }

sslSniffer/sslSnifferTest/snifftest.c

@@ -128,80 +128,113 @@ int main(int argc, char** argv)
 #endif
     ssl_Trace("./tracefile.txt", err);
 
-	if (pcap_findalldevs(&alldevs, err) == -1)
+    if (argc == 1) {
-		err_sys("Error in pcap_findalldevs");
+        /* normal case, user chooses device and port */
 
-	for (d = alldevs; d; d=d->next) {
+	    if (pcap_findalldevs(&alldevs, err) == -1)
-		printf("%d. %s", ++i, d->name);
+		    err_sys("Error in pcap_findalldevs");
-		if (d->description)
-			printf(" (%s)\n", d->description);
-		else
-			printf(" (No description available)\n");
-	}
 
-	if (i == 0)
+	    for (d = alldevs; d; d=d->next) {
-		err_sys("No interfaces found! Make sure pcap or WinPcap is installed "
+		    printf("%d. %s", ++i, d->name);
-                "correctly and you have sufficient permissions");
+		    if (d->description)
+			    printf(" (%s)\n", d->description);
+		    else
+			    printf(" (No description available)\n");
+	    }
 
-	printf("Enter the interface number (1-%d): ", i);
+	    if (i == 0)
-	scanf("%d", &inum);
+		    err_sys("No interfaces found! Make sure pcap or WinPcap is"
+                    " installed correctly and you have sufficient permissions");
 
-	if (inum < 1 || inum > i)
+	    printf("Enter the interface number (1-%d): ", i);
-		err_sys("Interface number out of range");
+	    scanf("%d", &inum);
 
-	/* Jump to the selected adapter */
+	    if (inum < 1 || inum > i)
-	for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
+		    err_sys("Interface number out of range");
 
-	pcap = pcap_create(d->name, err);
+	    /* Jump to the selected adapter */
+	    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
 
-    if (pcap == NULL) printf("pcap_create failed %s\n", err);
+	    pcap = pcap_create(d->name, err);
 
-	if (d->flags & PCAP_IF_LOOPBACK)
+        if (pcap == NULL) printf("pcap_create failed %s\n", err);
-		loopback = 1;
 
-	/* get an IPv4 address */
+	    if (d->flags & PCAP_IF_LOOPBACK)
-	for (a = d->addresses; a; a = a->next) {
+		    loopback = 1;
-		switch(a->addr->sa_family)
-		{
-			case AF_INET:
-				server =iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr);
-				printf("server = %s\n", server);
-				break;
-		}
-	}
-	if (server == NULL)
-		err_sys("Unable to get device IPv4 address");
 
-    ret = pcap_set_snaplen(pcap, 65536);
+	    /* get an IPv4 address */
-    if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
+	    for (a = d->addresses; a; a = a->next) {
+		    switch(a->addr->sa_family)
+		    {
+			    case AF_INET:
+				    server = 
+                        iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr);
+				    printf("server = %s\n", server);
+				    break;
+		    }
+	    }
+	    if (server == NULL)
+		    err_sys("Unable to get device IPv4 address");
 
-    ret = pcap_set_timeout(pcap, 1000); 
+        ret = pcap_set_snaplen(pcap, 65536);
-    if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap));
+        if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
 
-    ret = pcap_set_buffer_size(pcap, 1000000); 
+        ret = pcap_set_timeout(pcap, 1000); 
-    if (ret != 0)
+        if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap));
-		printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap));
 
-    ret = pcap_set_promisc(pcap, 1); 
+        ret = pcap_set_buffer_size(pcap, 1000000); 
-    if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+		    printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap));
+
+        ret = pcap_set_promisc(pcap, 1); 
+        if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap));
 
 
-    ret = pcap_activate(pcap);
+        ret = pcap_activate(pcap);
-    if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap));
+        if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap));
 
-	printf("Enter the port to scan: ");
+	    printf("Enter the port to scan: ");
-	scanf("%d", &port);
+	    scanf("%d", &port);
 
-	SNPRINTF(filter, sizeof(filter), "tcp and port %d", port);
+	    SNPRINTF(filter, sizeof(filter), "tcp and port %d", port);
 
-	ret = pcap_compile(pcap, &fp, filter, 0, 0);
+	    ret = pcap_compile(pcap, &fp, filter, 0, 0);
-    if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap));
+        if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap));
 
-    ret = pcap_setfilter(pcap, &fp);
+        ret = pcap_setfilter(pcap, &fp);
-    if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap));
+        if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap));
+
+        ret = ssl_SetPrivateKey(server, port, "../../certs/server-key.pem",
+                               FILETYPE_PEM, NULL, err);
+    }
+    else if (argc >= 3) {
+        pcap = pcap_open_offline(argv[1], err);
+        if (pcap == NULL) {
+            printf("pcap_open_offline failed %s\n", err);
+            ret = -1;
+        }
+        else {
+            /* defaults for server and port */
+            port = 443;
+            server = "127.0.0.1";
+
+            if (argc >= 4)
+                server = argv[3];
+
+            if (argc >= 5)
+                port = atoi(argv[4]);
+
+            ret = ssl_SetPrivateKey(server, port, argv[2],
+                                    FILETYPE_PEM, NULL, err);
+        }
+    }
+    else {
+        /* usage error */
+        printf(
+             "usage: ./snifftest or ./snifftest dump pemKey [server] [port]\n");
+        exit(EXIT_FAILURE);
+    }
 
-    ret = ssl_SetPrivateKey(server, port, "../../certs/server-key.pem",
-                            FILETYPE_PEM, NULL, err);
     if (ret != 0)
         err_sys(err);