From 5994e48b288e80be9b52ad4af5ea1e32e1f2578c Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Mon, 6 Sep 2021 20:58:35 +0900 Subject: [PATCH] nghttpx: Add more logging for token validation --- src/shrpx_quic_connection_handler.cc | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/shrpx_quic_connection_handler.cc b/src/shrpx_quic_connection_handler.cc index 19f9dab1..2c04f8ff 100644 --- a/src/shrpx_quic_connection_handler.cc +++ b/src/shrpx_quic_connection_handler.cc @@ -156,6 +156,11 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, if (verify_retry_token(&odcid, hd.token.base, hd.token.len, &hd.dcid, &remote_addr.su.sa, remote_addr.len, secret.data()) != 0) { + if (LOG_ENABLED(INFO)) { + LOG(INFO) << "Failed to validate Retry token from remote=" + << util::to_numeric_addr(&remote_addr); + } + // 2nd Retry packet is not allowed, so send CONNECTIONC_CLOE // with INVALID_TOKEN. send_connection_close(faddr, version, &hd.dcid, &hd.scid, remote_addr, @@ -163,6 +168,11 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, return 0; } + if (LOG_ENABLED(INFO)) { + LOG(INFO) << "Successfully validated Retry token from remote=" + << util::to_numeric_addr(&remote_addr); + } + podcid = &odcid; token = hd.token.base; tokenlen = hd.token.len; @@ -171,9 +181,19 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr, case SHRPX_QUIC_TOKEN_MAGIC: if (verify_token(hd.token.base, hd.token.len, &remote_addr.su.sa, remote_addr.len, secret.data()) != 0) { + if (LOG_ENABLED(INFO)) { + LOG(INFO) << "Failed to validate token from remote=" + << util::to_numeric_addr(&remote_addr); + } + break; } + if (LOG_ENABLED(INFO)) { + LOG(INFO) << "Successfully validated token from remote=" + << util::to_numeric_addr(&remote_addr); + } + token = hd.token.base; tokenlen = hd.token.len;
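Review bot: The failure messages added here and in the SHRPX_QUIC_TOKEN_MAGIC case of the third hunk are written once per incoming packet that carries a bad token, so with INFO logging enabled any sender can generate log lines at packet rate. The `remote=` value is the UDP source address of a packet whose token has just failed validation, so it may be spoofed and should not be read as attribution or fed into automatic blocking. I would record both facts next to the log call, e.g. `// Peer-triggerable, and the address is unvalidated at this point: keep at INFO; remote= is not attribution.`, and consider capping these lines per interval if the project has a facility for that. The body of handle_packet starts and ends outside the hunk.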
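Review bot: The success message added in this hunk, like the other three new messages, identifies the peer only by address, so lines from several clients behind one NAT address cannot be told apart or matched to the connection that is created afterwards. Including the connection ID from the packet header would make the lines usable for correlation during an investigation, for example by appending `<< " dcid=" << util::format_hex(hd.dcid.data, hd.dcid.datalen);`, assuming the project's hex formatter in `util` takes a pointer and length. The same four-line `if (LOG_ENABLED(INFO)) { ... }` block appears four times with only the message text changing, so a small file-local helper would keep the format consistent. The enclosing switch and function continue outside the hunk.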
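Review bot: The failure message in the SHRPX_QUIC_TOKEN_MAGIC case is worded like the Retry-token failure in the first hunk, but the handling differs: this branch only executes `break`, while the Retry branch sends CONNECTION_CLOSE and returns. From the visible lines it looks as if the packet is then processed as though it carried no token, but the code after the switch is outside the hunk, so this should be confirmed. A comment such as `// An invalid regular token is not fatal; drop the token and continue without it.` and a message that states the outcome, e.g. `LOG(INFO) << "Ignoring token that failed validation from remote="`, would let someone reading the log distinguish a rejected connection from an ignored token.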