Add sniffer cleanup API's #8768

Merged
merged 2 commits into from
May 15, 2025

Contributor

@lealem47 lealem47 commented May 13, 2025

Description

  • Expose RemoveStaleSessions sniffer API so that users can remove sessions that have timed out. Currently, this function only gets called when the number of sessions reaches a certain number.
  • Add ssl_RemoveSession() function. Allows users to remove/free specific TLS sessions using client/server IP & ports

Fixes zd#19853

Testing

./configure --enable-sniffer && make

Tested the new ssl_RemoveSession API with the snifftest and the patch below:

diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 8eb25affa..e1864e007 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -1360,6 +1360,9 @@ int main(int argc, char** argv)
              * bad packet was encountered */
             hadBadPacket = DecodePacket((byte*)packet, header->caplen,
                                         packetNumber,err);
+
+            if(packetNumber == 6)
+                ssl_RemoveSession("127.0.0.1",49275,"127.0.0.1",11111,err);
 #endif
         }
         /* check if we are done reading file */
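Review bot: the outcome of the added ssl_RemoveSession call under `if(packetNumber == 6)` is never checked, so this test cannot distinguish a successful removal from a call that matched no session; the later "Session Not Found" lines are only indirect evidence. Suggest checking the call's result and inspecting err when it fails. The hard-coded client port 49275 and packet number 6 also tie the check to one specific capture, so a short comment naming that capture would help anyone rerunning it.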

And made sure the session was getting removed as expected:

./sslSniffer/sslSnifferTest/snifftest -pcap ./scripts/sniffer-tls13-ecc.pcap -key ./certs/statickeys/ecc-secp256r1.pem -server 127.0.0.1 -port 11111
snifftest 5.8.0
sniffer features: key_callback tls_v13 tls_v12 static_ephemeral sni extended_master rsa dh ecc rsa_static dh_static 

Using packet filter: (ip6 or ip) and tcp and port 11111
ssl_Decode ret = -1, Session Not Found on packet number 7
ssl_Decode ret = -1, Session Not Found on packet number 9
ssl_Decode ret = -1, Session Not Found on packet number 11
ssl_Decode ret = -1, Session Not Found on packet number 13
ssl_Decode ret = -1, Session Not Found on packet number 15
ssl_Decode ret = -1, Session Not Found on packet number 17
ssl_Decode ret = -1, Session Not Found on packet number 19
ssl_Decode ret = -1, Session Not Found on packet number 21
ssl_Decode ret = -1, Session Not Found on packet number 22
ssl_Decode ret = -1, Session Not Found on packet number 25
ssl_Decode ret = -1, Session Not Found on packet number 27
ssl_Decode ret = -1, Session Not Found on packet number 28
ssl_Decode ret = -1, Session Not Found on packet number 33
SSL App Data(60:14):hello wolfssl!
SSL App Data(62:22):I hear you fa shizzle!
SSL App Data(94:14):hello wolfssl!

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation
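A simplified model of the two cleanup operations described in this PR (targeted removal by client/server IP and port, and an on-demand sweep of timed-out sessions), added here as an illustration and not taken from wolfSSL or from the PR. The `toy_*` names, the table size and the 900-second timeout are assumptions; the sample flow reuses the 4-tuple from the test patch.

```c
/* Toy session table: added example, not wolfSSL code; names/timeout assumed. */
#include <stdio.h>
#include <string.h>
#define MAX_SESSIONS 8
#define TIMEOUT_SECS 900  /* assumed idle timeout, in seconds */
typedef struct { int inUse; char key[128]; long lastUsed; } ToySession;
static ToySession table[MAX_SESSIONS];

/* A session is keyed by client ip:port and server ip:port. */
static void make_key(char* k, size_t n, const char* cIp, int cPort,
                     const char* sIp, int sPort) {
    snprintf(k, n, "%s:%d>%s:%d", cIp, cPort, sIp, sPort);
}
/* Per-packet lookup; NULL corresponds to "Session Not Found". */
ToySession* toy_find(const char* cIp, int cPort, const char* sIp, int sPort) {
    char k[128];
    make_key(k, sizeof k, cIp, cPort, sIp, sPort);
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (table[i].inUse && strcmp(table[i].key, k) == 0) return &table[i];
    return NULL;
}
int toy_add(const char* cIp, int cPort, const char* sIp, int sPort, long now) {
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (table[i].inUse) continue;
        make_key(table[i].key, sizeof table[i].key, cIp, cPort, sIp, sPort);
        table[i].lastUsed = now; table[i].inUse = 1;
        return 0;
    }
    return -1;  /* table full */
}
/* Targeted removal by 4-tuple: zero the slot; -1 if nothing matched. */
int toy_remove(const char* cIp, int cPort, const char* sIp, int sPort) {
    ToySession* s = toy_find(cIp, cPort, sIp, sPort);
    if (s == NULL) return -1;
    memset(s, 0, sizeof *s);
    return 0;
}
/* On-demand sweep: drop sessions idle for more than TIMEOUT_SECS. */
int toy_remove_stale(long now) {
    int n = 0;
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (table[i].inUse && now - table[i].lastUsed > TIMEOUT_SECS) {
            memset(&table[i], 0, sizeof table[i]); n++;
        }
    return n;  /* number of sessions removed */
}
int main(void) {  /* constructed flow: add one session, then remove it */
    toy_add("127.0.0.1", 49275, "127.0.0.1", 11111, 0);
    return toy_remove("127.0.0.1", 49275, "127.0.0.1", 11111);  /* 0 */
}
```

Removal affects only the matching 4-tuple, which is consistent with the run above still printing application data for later packets after the first flow was removed.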

@lealem47 lealem47 self-assigned this May 13, 2025
@lealem47 lealem47 changed the title Expose RemoveStaleSessions sniffer API Add sniffer cleanup API's May 14, 2025
@lealem47
Contributor Author

Jenkins retest this please

@lealem47 lealem47 removed their assignment May 15, 2025
@dgarske dgarske merged commit 63c3c54 into wolfSSL:master May 15, 2025
203 of 204 checks passed
3 participants