[Openvpn-devel] Log pre-handshake packet drops using D_MULTI_DROPPED

Message ID 20180211101929.4535-1-steffan@karger.me
State Accepted
Headers show
Series
  • [Openvpn-devel] Log pre-handshake packet drops using D_MULTI_DROPPED
Related show

Commit Message

Steffan Karger Feb. 11, 2018, 10:19 a.m.
We have a debug level packets dropped by the TLS layer - use that for this
packet drop too.  This changes this message from 'verb 3' to 'verb 4'
(which should result in less user reports about this almost always
harmless warning).

Signed-off-by: Steffan Karger <steffan@karger.me>
---
 src/openvpn/ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Gert Doering Feb. 20, 2018, 9:12 a.m. | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

"because the reasoning make sense, and the code change is trivial enough"

Your patch has been applied to the master and release/2.4 branch.

commit c215c58f2393e881e16f9805549316a1e257a682 (master)
commit 38595e9b1f337ee22a94154323eb14408ed86ef8 (release/2.4)
Author: Steffan Karger
Date:   Sun Feb 11 11:19:29 2018 +0100

     Log pre-handshake packet drops using D_MULTI_DROPPED

     Signed-off-by: Steffan Karger <steffan@karger.me>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20180211101929.4535-1-steffan@karger.me>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16477.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

Patch

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 676d0b90..d758c31a 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -3361,7 +3361,7 @@  tls_pre_decrypt(struct tls_multi *multi,
                 {
                     if (!ks->crypto_options.key_ctx_bi.initialized)
                     {
-                        msg(D_TLS_DEBUG_LOW,
+                        msg(D_MULTI_DROPPED,
                             "Key %s [%d] not initialized (yet), dropping packet.",
                             print_link_socket_actual(from, &gc), key_id);
                         goto error_lite;