Mercurial > hg > nginx-quic
diff src/event/ngx_event_quic_protection.c @ 7836:2f900ae486bc quic
Debug cleanup.
+ all dumps are moved under one of the following macros (undefined by default):
NGX_QUIC_DEBUG_PACKETS
NGX_QUIC_DEBUG_FRAMES
NGX_QUIC_DEBUG_FRAMES_ALLOC
NGX_QUIC_DEBUG_CRYPTO
+ all QUIC debug messages got "quic " prefix
+ all input frames are reported as "quic frame in FOO_FRAME bar:1 baz:2"
+ all outgoing frames re reported as "quic frame out foo bar baz"
+ all stream operations are prefixed with id, like: "quic stream id 0x33 recv"
+ all transport parameters are prefixed with "quic tp"
(hex dump is moved to caller, to avoid using ngx_cycle->log)
+ packet flags and some other debug messages are updated to
include packet type
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Fri, 24 Apr 2020 10:11:47 +0300 |
parents | aba84d9ab256 |
children | f175006124d0 |
line wrap: on
line diff
--- a/src/event/ngx_event_quic_protection.c +++ b/src/event/ngx_event_quic_protection.c @@ -156,8 +156,10 @@ ngx_quic_set_initial_secret(ngx_pool_t * .len = is_len }; +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump0(pool->log, "salt", salt, sizeof(salt)); ngx_quic_hexdump0(pool->log, "initial secret", is, is_len); +#endif /* draft-ietf-quic-tls-23#section-5.2 */ client->secret.len = SHA256_DIGEST_LENGTH; @@ -263,8 +265,10 @@ ngx_quic_hkdf_expand(ngx_pool_t *pool, c return NGX_ERROR; } +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump(pool->log, "%V info", info, info_len, label); ngx_quic_hexdump(pool->log, "%V key", out->data, out->len, label); +#endif return NGX_OK; } @@ -761,21 +765,21 @@ ngx_quic_create_long_packet(ngx_quic_hea out.data = res->data + ad.len; +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); +#endif if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { return NGX_ERROR; } - ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0, - "ngx_quic_create_long_packet: number %L, encoded %d:0x%xD", - pkt->number, (int) pkt->num_len, pkt->trunc); - ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12); ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); +#endif if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, nonce, &pkt->payload, &ad, pkt->log) @@ -791,8 +795,10 @@ ngx_quic_create_long_packet(ngx_quic_hea return NGX_ERROR; } +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump0(pkt->log, "sample", sample, 16); ngx_quic_hexdump0(pkt->log, "mask", mask, 5); +#endif /* quic-tls: 5.4.1. Header Protection Application */ ad.data[0] ^= mask[0] & 0x0f; @@ -824,21 +830,26 @@ ngx_quic_create_short_packet(ngx_quic_he out.data = res->data + ad.len; +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); +#endif if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { return NGX_ERROR; } ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0, - "ngx_quic_create_short_packet: number %L, encoded %d:0x%xD", - pkt->number, (int) pkt->num_len, pkt->trunc); + "quic ngx_quic_create_short_packet: number %L," + " encoded %d:0x%xD", pkt->number, (int) pkt->num_len, + pkt->trunc); ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12); ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); +#endif if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, nonce, &pkt->payload, &ad, pkt->log) @@ -854,8 +865,10 @@ ngx_quic_create_short_packet(ngx_quic_he return NGX_ERROR; } +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump0(pkt->log, "sample", sample, 16); ngx_quic_hexdump0(pkt->log, "mask", mask, 5); +#endif /* quic-tls: 5.4.1. Header Protection Application */ ad.data[0] ^= mask[0] & 0x1f; @@ -963,7 +976,9 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, sample = p + 4; +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump0(pkt->log, "sample", sample, 16); +#endif /* header protection */ @@ -991,7 +1006,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, pkt->pn = pn; +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump0(pkt->log, "mask", mask, 5); +#endif + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, "quic clear flags: %xi", clearflags); ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, @@ -1021,8 +1039,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_memcpy(nonce, secret->iv.data, secret->iv.len); ngx_quic_compute_nonce(nonce, sizeof(nonce), pn); +#ifdef NGX_QUIC_DEBUG_CRYPTO ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); +#endif pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN; @@ -1035,8 +1055,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, nonce, &in, &ad, pkt->log); +#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) ngx_quic_hexdump0(pkt->log, "packet payload", pkt->payload.data, pkt->payload.len); +#endif return rc; }