walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Add more logging for token validation

This commit is contained in:
Tatsuhiro Tsujikawa 2021-09-06 20:58:35 +09:00
parent 50662c9c9e
commit 5994e48b28
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/shrpx_quic_connection_handler.cc
View File

@ -156,6 +156,11 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
if (verify_retry_token(&odcid, hd.token.base, hd.token.len, &hd.dcid, if (verify_retry_token(&odcid, hd.token.base, hd.token.len, &hd.dcid,
&remote_addr.su.sa, remote_addr.len, &remote_addr.su.sa, remote_addr.len,
secret.data()) != 0) { secret.data()) != 0) {
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "Failed to validate Retry token from remote="
<< util::to_numeric_addr(&remote_addr);
}
// 2nd Retry packet is not allowed, so send CONNECTIONC_CLOE // 2nd Retry packet is not allowed, so send CONNECTIONC_CLOE
// with INVALID_TOKEN. // with INVALID_TOKEN.
send_connection_close(faddr, version, &hd.dcid, &hd.scid, remote_addr, send_connection_close(faddr, version, &hd.dcid, &hd.scid, remote_addr,
@ -163,6 +168,11 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
return 0; return 0;
} }
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "Successfully validated Retry token from remote="
<< util::to_numeric_addr(&remote_addr);
}
podcid = &odcid; podcid = &odcid;
token = hd.token.base; token = hd.token.base;
tokenlen = hd.token.len; tokenlen = hd.token.len;
@ -171,9 +181,19 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
case SHRPX_QUIC_TOKEN_MAGIC: case SHRPX_QUIC_TOKEN_MAGIC:
if (verify_token(hd.token.base, hd.token.len, &remote_addr.su.sa, if (verify_token(hd.token.base, hd.token.len, &remote_addr.su.sa,
remote_addr.len, secret.data()) != 0) { remote_addr.len, secret.data()) != 0) {
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "Failed to validate token from remote="
<< util::to_numeric_addr(&remote_addr);
}
break; break;
} }
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "Successfully validated token from remote="
<< util::to_numeric_addr(&remote_addr);
}
token = hd.token.base; token = hd.token.base;
tokenlen = hd.token.len; tokenlen = hd.token.len;