Skip to content

N
nghttp2
Commit 5994e48b authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa
Browse files
Options

nghttpx: Add more logging for token validation

parent 50662c9c
Hide whitespace changes
Inline Side-by-side
Showing with 20 additions and 0 deletions
src/shrpx_quic_connection_handler.cc
View file @ 5994e48b
......@@ -156,6 +156,11 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
if (verify_retry_token(&odcid, hd.token.base, hd.token.len, &hd.dcid,
&remote_addr.su.sa, remote_addr.len,
secret.data()) != 0) {
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "Failed to validate Retry token from remote="
<< util::to_numeric_addr(&remote_addr);
}
// 2nd Retry packet is not allowed, so send CONNECTIONC_CLOE
// with INVALID_TOKEN.
send_connection_close(faddr, version, &hd.dcid, &hd.scid, remote_addr,
......@@ -163,6 +168,11 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
return 0;
}
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "Successfully validated Retry token from remote="
<< util::to_numeric_addr(&remote_addr);
}
podcid = &odcid;
token = hd.token.base;
tokenlen = hd.token.len;
......@@ -171,9 +181,19 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
case SHRPX_QUIC_TOKEN_MAGIC:
if (verify_token(hd.token.base, hd.token.len, &remote_addr.su.sa,
remote_addr.len, secret.data()) != 0) {
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "Failed to validate token from remote="
<< util::to_numeric_addr(&remote_addr);
}
break;
}
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "Successfully validated token from remote="
<< util::to_numeric_addr(&remote_addr);
}
token = hd.token.base;
tokenlen = hd.token.len;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment