Sniffer Statistics

Added more of the statistics.

src/sniffer.c

@@ -1932,10 +1932,13 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     }
 #endif
 
-    if (session->sslServer->options.haveSessionId &&
+    if (session->sslServer->options.haveSessionId) {
-            XMEMCMP(session->sslServer->arrays->sessionID,
+        if (XMEMCMP(session->sslServer->arrays->sessionID,
                     session->sslClient->arrays->sessionID, ID_LEN) == 0)
-        doResume = 1;
+            doResume = 1;
+        else if (session->sslClient->options.haveSessionId)
+            INC_STAT(SnifferStats.sslResumeMisses);
+    }
     else if (session->sslClient->options.haveSessionId == 0 &&
              session->sslServer->options.haveSessionId == 0 &&
              session->ticketID)
@@ -1962,6 +1965,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
         session->flags.resuming = 1;
 
         Trace(SERVER_DID_RESUMPTION_STR);
+        INC_STAT(SnifferStats.sslResumedConns);
         if (SetCipherSpecs(session->sslServer) != 0) {
             SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
             return -1;
@@ -1988,6 +1992,9 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
             return -1;
         }
     }
+    else {
+        INC_STAT(SnifferStats.sslStandardConns);
+    }
 #ifdef SHOW_SECRETS
     {
         int i;
@@ -2305,6 +2312,8 @@ static int DoHandShake(const byte* input, int* sslBytes,
             break;
         case certificate:
             Trace(GOT_CERT_STR);
+            if (session->flags.side == WOLFSSL_CLIENT_END)
+                INC_STAT(SnifferStats.sslClientAuthConns);
             break;
         case server_hello_done:
             Trace(GOT_SERVER_HELLO_DONE_STR);

sslSniffer/sslSnifferTest/snifftest.c

@@ -89,6 +89,14 @@ static void FreeAll(void)
 
 static void sig_handler(const int sig)
 {
+    SSLStats sslStats;
+    ssl_ReadStatistics(&sslStats);
+    printf("SSL Stats (sslStandardConns):%u\n", sslStats.sslStandardConns);
+    printf("SSL Stats (sslClientAuthConns):%u\n", sslStats.sslClientAuthConns);
+    printf("SSL Stats (sslResumedConns):%u\n", sslStats.sslResumedConns);
+    printf("SSL Stats (sslResumeMisses):%u\n", sslStats.sslResumeMisses);
+    printf("SSL Stats (sslAlerts):%u\n", sslStats.sslAlerts);
+
     printf("SIGINT handled = %d.\n", sig);
     FreeAll();
     if (sig)

wolfssl/sniffer.h

@@ -137,11 +137,11 @@ SSL_SNIFFER_API int ssl_SetConnectionCtx(void* ctx);
 typedef struct SSLStats
 {
     unsigned int sslStandardConns;
-    unsigned int sslRehandshakeConns;
+    unsigned int sslRehandshakeConns; /* unsupported */
     unsigned int sslClientAuthConns;
     unsigned int sslResumedConns;
-    unsigned int sslResumedRehandshakeConns;
+    unsigned int sslResumedRehandshakeConns; /* unsupported */
-    unsigned int sslClientAuthRehandshakeConns;
+    unsigned int sslClientAuthRehandshakeConns; /* unsupported */
     unsigned int sslEphemeralMisses;
     unsigned int sslResumeMisses;
     unsigned int sslCiphersUnsupported;
@@ -153,9 +153,9 @@ typedef struct SSLStats
     unsigned int sslEncryptedBytes;
     unsigned int sslEncryptedPackets;
     unsigned int sslDecryptedPackets;
-    unsigned int sslEncryptedConns;
-    unsigned int sslKeyMatches;
     unsigned int sslEncryptedConnsPerSecond;
+    unsigned int sslKeyMatches;
+    unsigned int sslActiveEncryptedConnsPerSecond;
     unsigned int sslActiveFlowsPerSecond;
 } SSLStats;