Sniffer Statistics

1. Moved sslKeyFails.
2. Added sslEphemeralMisses, sslEncryptedConns, sslDecodeFails.
3. Removed the Rehandshake stats as the sniffer does not support rehandshaking.
4. Removed two of the per second stats as they seemed redundant.
5. Added a function to atomically read and reset the sniffer statistics.

src/sniffer.c

@@ -428,10 +428,8 @@ static void UpdateMissedDataSessions(void)
 #ifdef WOLFSSL_SNIFFER_STATS
 #define LOCK_STAT() do { wc_LockMutex(&StatsMutex); } while (0)
 #define UNLOCK_STAT() do { wc_UnLockMutex(&StatsMutex); } while (0)
-
 #define NOLOCK_ADD_TO_STAT(x,y) do { TraceStat(#x, y); x += y; } while (0)
 #define NOLOCK_INC_STAT(x) NOLOCK_ADD_TO_STAT(x,1)
-
 #define ADD_TO_STAT(x,y) do { LOCK_STAT(); \
     NOLOCK_ADD_TO_STAT(x,y); UNLOCK_STAT(); } while (0)
 #define INC_STAT(x) do { LOCK_STAT(); \
@@ -1730,6 +1728,11 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
             } while (ret == WC_PENDING_E);
         }
 
+#ifdef WOLFSSL_SNIFFER_STATS
+        if (ret != 0)
+            INC_STAT(SnifferStats.sslKeyFails);
+#endif
+
         if (keyInit)
             wc_ecc_free(&key);
         if (pubKeyInit)
@@ -2357,7 +2360,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
             break;
         case server_key_exchange:
 #ifdef WOLFSSL_SNIFFER_STATS
-            INC_STAT(SnifferStats.sslKeyFails);
+            INC_STAT(SnifferStats.sslEphemeralMisses);
 #endif
             Trace(GOT_SERVER_KEY_EX_STR);
             /* can't know temp key passively */
@@ -2858,6 +2861,9 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
     /* create a new SnifferSession on client SYN */
     if (tcpInfo->syn && !tcpInfo->ack) {
         TraceClientSyn(tcpInfo->sequence);
+#ifdef WOLFSSL_SNIFFER_STATS
+        INC_STAT(SnifferStats.sslEncryptedConns);
+#endif
         *session = CreateSession(ipInfo, tcpInfo, error);
         if (*session == NULL) {
             *session = GetSnifferSession(ipInfo, tcpInfo);
@@ -3231,6 +3237,9 @@ static int FindNextRecordInAssembly(SnifferSession* session,
         }
 
         Trace(DROPPING_LOST_FRAG_STR);
+#ifdef WOLFSSL_SNIFFER_STATS
+        INC_STAT(SnifferStats.sslDecodeFails);
+#endif
         prev = curr;
         curr = curr->next;
         *reassemblyMemory -= (prev->end - prev->begin + 1);
@@ -3992,6 +4001,21 @@ int ssl_ReadStatistics(SSLStats* stats)
     return 0;
 }
 
+/* Copies the SSL statistics into the provided stats record then
+ * resets the statistics tracking global structure.
+ * returns 0 on success, -1 on error */
+int ssl_ReadResetStatistics(SSLStats* stats)
+{
+    if (stats == NULL)
+        return -1;
+
+    wc_LockMutex(&StatsMutex);
+    XMEMCPY(stats, &SnifferStats, sizeof(SSLStats));
+    XMEMSET(&SnifferStats, 0, sizeof(SSLStats));
+    wc_UnLockMutex(&StatsMutex);
+    return 0;
+}
+
 #endif /* WOLFSSL_SNIFFER_STATS */
 
 

sslSniffer/sslSnifferTest/snifftest.c

@@ -97,16 +97,10 @@ static void DumpStats(void)
 
     printf("SSL Stats (sslStandardConns):%u\n",
             sslStats.sslStandardConns);
-    printf("SSL Stats (sslRehandshakeConns):%u\n",
-            sslStats.sslRehandshakeConns);
     printf("SSL Stats (sslClientAuthConns):%u\n",
             sslStats.sslClientAuthConns);
     printf("SSL Stats (sslResumedConns):%u\n",
             sslStats.sslResumedConns);
-    printf("SSL Stats (sslResumedRehandshakeConns):%u\n",
-            sslStats.sslResumedRehandshakeConns);
-    printf("SSL Stats (sslClientAuthRehandshakeConns):%u\n",
-            sslStats.sslClientAuthRehandshakeConns);
     printf("SSL Stats (sslEphemeralMisses):%u\n",
             sslStats.sslEphemeralMisses);
     printf("SSL Stats (sslResumeMisses):%u\n",
@@ -129,14 +123,10 @@ static void DumpStats(void)
             sslStats.sslEncryptedPackets);
     printf("SSL Stats (sslDecryptedPackets):%u\n",
             sslStats.sslDecryptedPackets);
-    printf("SSL Stats (sslEncryptedConnsPerSecond):%u\n",
-            sslStats.sslEncryptedConnsPerSecond);
     printf("SSL Stats (sslKeyMatches):%u\n",
             sslStats.sslKeyMatches);
-    printf("SSL Stats (sslActiveEncryptedConnsPerSecond):%u\n",
+    printf("SSL Stats (sslEncryptedConns):%u\n",
-            sslStats.sslActiveEncryptedConnsPerSecond);
+            sslStats.sslEncryptedConns);
-    printf("SSL Stats (sslActiveFlowsPerSecond):%u\n",
-            sslStats.sslActiveFlowsPerSecond);
 }
 
 #endif

wolfssl/sniffer.h

@@ -137,11 +137,8 @@ SSL_SNIFFER_API int ssl_SetConnectionCtx(void* ctx);
 typedef struct SSLStats
 {
     unsigned int sslStandardConns;
-    unsigned int sslRehandshakeConns;
     unsigned int sslClientAuthConns;
     unsigned int sslResumedConns;
-    unsigned int sslResumedRehandshakeConns;
-    unsigned int sslClientAuthRehandshakeConns;
     unsigned int sslEphemeralMisses;
     unsigned int sslResumeMisses;
     unsigned int sslCiphersUnsupported;
@@ -153,10 +150,8 @@ typedef struct SSLStats
     unsigned int sslEncryptedBytes;
     unsigned int sslEncryptedPackets;
     unsigned int sslDecryptedPackets;
-    unsigned int sslEncryptedConnsPerSecond;
     unsigned int sslKeyMatches;
-    unsigned int sslActiveEncryptedConnsPerSecond;
+    unsigned int sslEncryptedConns;
-    unsigned int sslActiveFlowsPerSecond;
 } SSLStats;
 
 
@@ -168,6 +163,10 @@ WOLFSSL_API
 SSL_SNIFFER_API int ssl_ReadStatistics(SSLStats* stats);
 
 
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_ReadResetStatistics(SSLStats* stats);
+
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif