[Openvpn-devel,2/2] Add debug output for sent IV variables in client mode with verb 7

Message ID 20230209142248.455120-2-arne@rfc2549.org
State New
Series [Openvpn-devel,1/2] Add 'allow-compression stub-only and refuse framing with 'allow-compression no' | expand

Commit Message

Arne Schwabe Feb. 9, 2023, 2:22 p.m. UTC
This helps debugging what information a client is sending without having to
use a debugger or to look at the server log.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/ssl.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

Comments

Frank Lichtenheld Feb. 9, 2023, 3:16 p.m. UTC | #1
On Thu, Feb 09, 2023 at 03:22:48PM +0100, Arne Schwabe wrote:
> This helps debugging what information a client is sending without having to
> use a debugger or to look at the server log.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> ---
>  src/openvpn/ssl.c | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
> index 016bdc57f..1138dc4e7 100644
> --- a/src/openvpn/ssl.c
> +++ b/src/openvpn/ssl.c
> @@ -1970,6 +1970,20 @@ read_string_alloc(struct buffer *buf)
>      return str;
>  }
>  
> +static void
> +print_client_peer_info(struct buffer *out, struct gc_arena *gc)
> +{
> +    struct buffer buf = alloc_buf_gc(buf_len(out), gc);
> +    buf_copy(&buf, out);
> +
> +    char line[256];
> +
> +    while (buf_parse(&buf, '\n', line, sizeof(line)))
> +    {
> +        chomp(line);
> +        msg(D_PUSH_DEBUG, "sending peer info: %s", line);
> +    }
> +}

While this certainly is the minimal change, actually re-parsing the
whole buffer after we have written it feels backwards.

Wouldn't it be cleaner to actually wrap the buf_printf calls as something
like "add_var" and do the logging as the variables are added? That would
avoid the need for the additional allocations and parsing.

Regards,

Patch

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 016bdc57f..1138dc4e7 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1970,6 +1970,20 @@  read_string_alloc(struct buffer *buf)
     return str;
 }
 
+static void
+print_client_peer_info(struct buffer *out, struct gc_arena *gc)
+{
+    struct buffer buf = alloc_buf_gc(buf_len(out), gc);
+    buf_copy(&buf, out);
+
+    char line[256];
+
+    while (buf_parse(&buf, '\n', line, sizeof(line)))
+    {
+        chomp(line);
+        msg(D_PUSH_DEBUG, "sending peer info: %s", line);
+    }
+}
 /**
  * Prepares the IV_ and UV_ variables that are part of the
  * exchange to signal the peer's capabilities. The amount
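Review bot: In print_client_peer_info the fixed `char line[256]` caps what a single `buf_parse` call can hand back, and nothing in the new function accounts for an entry longer than that. buf_parse itself is not shown on this page, so this is inferred, but an over-long UV_ value would presumably be logged truncated or spread over several "sending peer info:" lines, and the debug output would then no longer match what is sent. Either size the scratch buffer from the data, e.g. `char *line = gc_malloc(buf_len(out) + 1, false, gc);` with that length passed to buf_parse, or document the limit with `/* entries longer than sizeof(line) are logged in pieces */`. The function only reads `out`, so `const struct buffer *out` would state that in the signature, and a blank line is missing between the closing brace and the following `/**` block.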
@@ -2119,6 +2133,11 @@  push_peer_info(struct buffer *buf, struct tls_session *session)
             }
         }
 
+        if (check_debug_level(D_PUSH_DEBUG))
+        {
+            print_client_peer_info(&out, &gc);
+        }
+
         if (!write_string(buf, BSTR(&out), -1))
         {
             goto error;
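Review bot: With this call the complete peer-info block is copied verbatim into the client log whenever D_PUSH_DEBUG is enabled, and nothing at the call site tells whoever adds the next variable that it will be logged too. push_peer_info starts and ends outside the hunk, so the values placed in `out` cannot be checked here; if any IV_ or UV_ entry identifies the host or user, it now ends up in logs that get attached to bug reports. A comment above the guard would cover it, for example `/* peer info is logged verbatim at D_PUSH_DEBUG; never put secrets into IV_/UV_ values */`. The message is also emitted before `write_string` has succeeded, so "sending peer info" can appear for data that is then dropped on the `goto error` path; moving the block after the check or rewording the message would avoid that.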