
finished replacing precompiler debug directives with macros

cecylia 6 år sedan
förälder
incheckning
4264eb8e13
4 ändrade filer med 43 tillägg och 89 borttagningar
  1. 4 14
      relay_station/crypto.c
  2. 20 31
      relay_station/flow.c
  3. 0 8
      relay_station/packet.c
  4. 19 36
      relay_station/slitheen.c

+ 4 - 14
relay_station/crypto.c

@@ -1343,13 +1343,8 @@ int super_encrypt(client *c, uint8_t *data, uint32_t len){
     uint8_t output[EVP_MAX_MD_SIZE];
 
     //first encrypt the header	
-#ifdef DEBUG_DOWN
-    printf("Plaintext Header:\n");
-    for(int i=0; i< SLITHEEN_HEADER_LEN; i++){
-        printf("%02x ", p[i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "super encrypt: Plaintext Header:\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, p, SLITHEEN_HEADER_LEN);
 
     hdr_ctx = EVP_CIPHER_CTX_new();
 
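Review bot: The `DEBUG_BYTES(DEBUG_CRYPTO, p, SLITHEEN_HEADER_LEN)` call writes the plaintext header to the debug output, and nothing at the call site says so. The removed block was stripped at compile time by `#ifdef DEBUG_DOWN`; whether `DEBUG_MSG` and `DEBUG_BYTES` are also compiled out, or only checked at run time, is not visible in this hunk. I would add a comment above the two new lines such as `// dumps the plaintext header: DEBUG_CRYPTO must stay off in deployed builds`. The same applies to the `Decrypted alert` dump added in relay_station/flow.c. The body of super_encrypt continues outside the hunk.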
@@ -1367,13 +1362,8 @@ int super_encrypt(client *c, uint8_t *data, uint32_t len){
         goto end;
     }
 
-#ifdef DEBUG_DOWN
-    printf("Encrypted Header (%d bytes)\n", out_len);
-    for(int i=0; i< out_len; i++){
-        printf("%02x ", p[i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "super encrypt: Encrypted Header (%d bytes):\n", out_len);
+    DEBUG_BYTES(DEBUG_CRYPTO, p, out_len);
 
     if(len == 0){ //only encrypt header: body contains garbage bytes
         retval = 1;

+ 20 - 31
relay_station/flow.c

@@ -308,25 +308,25 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
 
                     if(f->resume_session){
                         if(verify_session_id(f,p)){
-                            fprintf(stderr, "Failed to verify session id\n");
+                            DEBUG_MSG(DEBUG_HS, "Failed to verify session id\n");
                         }
                     } else {
                         if(save_session_id(f,p)){
-                            fprintf(stderr, "Failed to save session id\n");
+                            DEBUG_MSG(DEBUG_HS, "Failed to save session id\n");
                         }
                     }
 
                     if(verify_extensions(f,p, HANDSHAKE_MESSAGE_LEN(handshake_hdr))){
-                        fprintf(stderr, "Failed to verify extensions\n");
+                        DEBUG_MSG(DEBUG_HS, "Failed to verify extensions\n");
                     }
 
                     if(extract_server_random(f, p)){
-                        fprintf(stderr, "Failed to extract server random nonce\n");
+                        DEBUG_MSG(DEBUG_HS, "Failed to extract server random nonce\n");
                         remove_flow(f);
                         goto err;
                     }
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
+                        DEBUG_MSG(DEBUG_HS, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
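Review bot: The failure messages in this hunk used to reach stderr in every build and are now emitted only when `DEBUG_HS` is enabled, assuming `DEBUG_MSG` is gated on its first argument (its definition is not shown here). For `verify_session_id`, `save_session_id` and `verify_extensions` the message was the only reaction to a failure, since those branches neither call `remove_flow(f)` nor `goto err`, so with debugging off a failed check leaves no trace. The later hunks in this file go further and delete the message from the `update_handshake_hash` failure branches, so those flows are torn down silently unless the callee reports the error itself. I would keep `fprintf(stderr, ...)` for genuine errors, or at least put a comment on each non-fatal branch stating that continuing after the failed check is intended. The surviving message text also reads `finish has with CLNT_HELLO msg`, where `hash` is presumably meant.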
@@ -335,14 +335,13 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                     DEBUG_MSG(DEBUG_HS, "Received new session\n");
 
                     if(save_session_ticket(f, p, HANDSHAKE_MESSAGE_LEN(handshake_hdr))){
-                        fprintf(stderr, "Failed to save session ticket\n");
+                        DEBUG_MSG(DEBUG_HS, "Failed to save session ticket\n");
                     }
                     break;
                 case TLS_CERT:
                     DEBUG_MSG(DEBUG_HS, "Received cert\n");
 
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
@@ -351,7 +350,6 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                     DEBUG_MSG(DEBUG_HS, "Received certificate status\n");
 
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
@@ -360,13 +358,12 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                     DEBUG_MSG(DEBUG_HS, "Received server keyex\n");
 
                     if(extract_parameters(f, p)){
-                        printf("Error extracting params\n");
+                        DEBUG_MSG(DEBUG_HS, "Error extracting params\n");
                         remove_flow(f);
                         goto err;
                     }
 
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
@@ -375,7 +372,6 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
 
                 case TLS_CERT_REQ:
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
@@ -384,7 +380,6 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                     DEBUG_MSG(DEBUG_HS, "Received server hello done\n");
 
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
@@ -393,7 +388,6 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                     DEBUG_MSG(DEBUG_HS, "received cert verify\n");
 
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
@@ -403,12 +397,11 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                     DEBUG_MSG(DEBUG_HS, "Received client key exchange\n");
 
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
                     if(compute_master_secret(f)){
-                        printf("Error computing master secret\n");
+                        DEBUG_MSG(DEBUG_HS, "Error computing master secret\n");
                         remove_flow(f);
                         goto err;
 
@@ -419,7 +412,7 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
 
                     if((f->in_encrypted == 2) && (f->out_encrypted == 2)){
                         f->application = 1;
-                        printf("Handshake complete!\n");
+                        DEBUG_MSG(DEBUG_HS, "Handshake complete!\n");
                     }
 
                     if(!incoming) {
@@ -428,7 +421,7 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                         break;
                     }
                     if(mark_finished_hash(f, p)){
-                        fprintf(stderr, "Error marking finished hash\n");
+                        DEBUG_MSG(DEBUG_HS, "Error marking finished hash\n");
                         remove_flow(f);
                         goto err;
                     }
@@ -440,19 +433,19 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                     DEBUG_BYTES(DEBUG_HS, record, record_len);
 
                     if(n<=0){
-                        printf("Error re-encrypting finished  (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port),
+                        DEBUG_MSG(DEBUG_HS, "Error re-encrypting finished  (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port),
                                 f->dst_ip.s_addr, ntohs(f->dst_port));
                     }
 
                     break;
                 default:
-                    printf("Error: unrecognized hs message? (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+                    DEBUG_MSG(DEBUG_HS, "Error: unrecognized hs message? (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
                     remove_flow(f);
                     goto err;
             }
             break;
         case APP:
-            printf("Application Data (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+            DEBUG_MSG(DEBUG_HS, "Application Data (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
             break;
         case CCS:
             DEBUG_MSG(DEBUG_HS, "CCS (%x:%d -> %x:%d) \n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
@@ -481,31 +474,27 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                 if(n <= 0){
                     printf("Error decrypting Alert\n");
                 }
-                printf("Decrypted alert:\n");
-                for(int i=0; i< n; i++){
-                    printf("%02x ", p[i]);
-                }
-                printf("\n");
+                DEBUG_MSG(DEBUG_HS, "Decrypted alert:\n");
+                DEBUG_BYTES(DEBUG_HS, p, n);
+
                 p += EVP_GCM_TLS_EXPLICIT_IV_LEN;
             }
-            printf("Alert (%x:%d -> %x:%d) (%s) %02x %02x \n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), (incoming) ? "incoming" : "outgoing", p[0], p[1]);
-            fflush(stdout);
+            DEBUG_MSG(DEBUG_HS, "Alert (%x:%d -> %x:%d) (%s) %02x %02x \n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), (incoming) ? "incoming" : "outgoing", p[0], p[1]);
 
             //re-encrypt alert
             if(((incoming) && (f->in_encrypted > 0)) || ((!incoming) && (f->out_encrypted > 0))){
                 int32_t n =  encrypt(f, record+RECORD_HEADER_LEN, record+RECORD_HEADER_LEN, record_len - (RECORD_HEADER_LEN+16), incoming, 0x15, 1, 1);
                 if(n <= 0){
-                    printf("Error re-encrypting alert\n");
+                    DEBUG_MSG(DEBUG_HS, "Error re-encrypting alert\n");
                 }
             }
 
             break;
         case HB:
-            printf("Heartbeat\n");
+            DEBUG_MSG(DEBUG_HS, "Heartbeat\n");
             break;
         default:
-            printf("Error: Not a Record (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
-            fflush(stdout);
+            DEBUG_MSG(DEBUG_HS, "Error: Not a Record (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
             remove_flow(f);
             goto err;
     }
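Review bot: `DEBUG_BYTES(DEBUG_HS, p, n)` now runs even when the decrypt just above returned `n <= 0`. The removed `for(int i=0; i< n; i++)` loop did nothing in that case, whereas the macro's handling of a zero or negative length is not visible here and could read past `p` if the length is converted to an unsigned type. Guard the dump, for example `if(n > 0){ DEBUG_BYTES(DEBUG_HS, p, n); }`. The context line `printf("Error decrypting Alert\n");` was also left unconverted, so it is the one message in this block that still prints unconditionally. update_flow starts and ends outside the hunk.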

+ 0 - 8
relay_station/packet.c

@@ -121,13 +121,5 @@ void inject_packet(struct inject_args *iargs, const struct pcap_pkthdr *header,
         printf("Length: %d\n", header->len);
     }
 
-#ifdef DEBUG_EXTRA
-    fprintf(stderr, "injected the following packet:\n");
-    for(int i=0; i< header->len; i++){
-        fprintf(stderr, "%02x ", packet[i]);
-    }
-    fprintf(stderr, "\n");
-
-#endif
     free(packet);
 }

+ 19 - 36
relay_station/slitheen.c

@@ -211,20 +211,17 @@ void process_packet(struct inject_args *iargs, const struct pcap_pkthdr *header,
     flow *observed;
     if((observed = check_flow(info)) != NULL){
 
-#ifdef DEBUG
         /*Check sequence number and replay application data if necessary*/
-        fprintf(stdout,"Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != observed->src_ip.s_addr)? "incoming":"outgoing");
-        fprintf(stdout,"ID number: %u\n", htonl(info->ip_hdr->id));
-        fprintf(stdout,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
-        fprintf(stdout,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
-#endif
+        DEBUG_MSG(DEBUG_FLOW, "Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != observed->src_ip.s_addr)? "incoming":"outgoing");
+        DEBUG_MSG(DEBUG_FLOW, "ID number: %u\n", htonl(info->ip_hdr->id));
+        DEBUG_MSG(DEBUG_FLOW, "Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
+        DEBUG_MSG(DEBUG_FLOW, "Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
 
         uint8_t incoming = (info->ip_hdr->src.s_addr != observed->src_ip.s_addr)? 1 : 0;
         uint32_t seq_num = htonl(info->tcp_hdr->sequence_num);
         uint32_t expected_seq = (incoming)? observed->downstream_seq_num : observed->upstream_seq_num;
-#ifdef DEBUG
-        fprintf(stdout,"Expected sequence number: %u\n", expected_seq);
-#endif
+
+        DEBUG_MSG(DEBUG_FLOW, "Expected sequence number: %u\n", expected_seq);
 
         /* Remove acknowledged data from queue after TCP window is exceeded */
         update_window_expiration(observed, info);
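Review bot: The `ID number` line passes `info->ip_hdr->id` through `htonl`, carried over unchanged from the old `fprintf`. If that field is the 16-bit IPv4 identification (the struct is not shown here), a 32-bit swap prints a shifted value on little-endian hosts, and `ntohs(info->ip_hdr->id)` would be the matching conversion. Separately, the direction test `(info->ip_hdr->src.s_addr != observed->src_ip.s_addr)` is written once in the `Flow:` message and again for `incoming` two lines below. Moving the `DEBUG_MSG` calls after `incoming` is computed would let the message use `(incoming)? "incoming":"outgoing"`. process_packet continues outside the hunk.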
@@ -388,20 +385,18 @@ void save_packet(flow *f, struct packet_info *info){
             if(new_block->seq_num ==
                     f->downstream_seq_num){
                 f->downstream_seq_num += new_block->len;
-#ifdef DEBUG
-                printf("Updated downstream expected seqnum to %u\n",
+
+                DEBUG_MSG(DEBUG_FLOW, "Updated downstream expected seqnum to %u\n",
                         f->downstream_seq_num );
-#endif
             }
         } else {
             f->upstream_app_data->first_packet = new_block;
             if(new_block->seq_num ==
                     f->upstream_seq_num){
                 f->upstream_seq_num += new_block->len;
-#ifdef DEBUG
-                printf("Updated upstream expected seqnum to %u\n",
+
+                DEBUG_MSG(DEBUG_FLOW, "Updated upstream expected seqnum to %u\n",
                         f->upstream_seq_num );
-#endif
             }
         }
 
@@ -419,19 +414,15 @@ void save_packet(flow *f, struct packet_info *info){
                 if(saved_data->next->seq_num ==
                         f->downstream_seq_num){
                     f->downstream_seq_num += saved_data->next->len;
-#ifdef DEBUG
-                    printf("Updated downstream expected seqnum to %u\n",
+                    DEBUG_MSG(DEBUG_FLOW, "Updated downstream expected seqnum to %u\n",
                             f->downstream_seq_num );
-#endif
                 }
             } else {//outgoing
                 if(saved_data->next->seq_num ==
                         f->upstream_seq_num){
                     f->upstream_seq_num += saved_data->next->len;
-#ifdef DEBUG
-                    printf("Updated upstream expected seqnum to %u\n",
+                    DEBUG_MSG(DEBUG_FLOW, "Updated upstream expected seqnum to %u\n",
                             f->upstream_seq_num );
-#endif
                 }
             }
 
@@ -445,19 +436,15 @@ void save_packet(flow *f, struct packet_info *info){
                 if(saved_data->next->seq_num ==
                         f->downstream_seq_num){
                     f->downstream_seq_num += saved_data->next->len;
-#ifdef DEBUG
-                    printf("Updated downstream expected seqnum to %u\n",
+                    DEBUG_MSG(DEBUG_FLOW, "Updated downstream expected seqnum to %u\n",
                             f->downstream_seq_num );
-#endif
                 }
             } else {//outgoing
                 if(saved_data->next->seq_num ==
                         f->upstream_seq_num){
                     f->upstream_seq_num += saved_data->next->len;
-#ifdef DEBUG
-                    printf("Updated upstream expected seqnum to %u\n",
+                    DEBUG_MSG(DEBUG_FLOW, "Updated upstream expected seqnum to %u\n",
                             f->upstream_seq_num );
-#endif
                 }
             }
 
@@ -478,11 +465,9 @@ void update_window_expiration(flow *f, struct packet_info *info){
     uint32_t end_seq = htonl(info->tcp_hdr->sequence_num) + info->app_data_len - 1;
     uint32_t window = ack_num + htons(info->tcp_hdr->win_size);
 
-#ifdef DEBUG
-    printf("Received sequence number %u\n", htonl(info->tcp_hdr->sequence_num));
-    printf("Acknowledged up to %u with window expiring at %u\n", ack_num, window);
-    printf("Removing all packets up to %u\n", end_seq);
-#endif
+    DEBUG_MSG(DEBUG_FLOW, "Received sequence number %u\n", htonl(info->tcp_hdr->sequence_num));
+    DEBUG_MSG(DEBUG_FLOW, "Acknowledged up to %u with window expiring at %u\n", ack_num, window);
+    DEBUG_MSG(DEBUG_FLOW, "Removing all packets up to %u\n", end_seq);
 
     packet *saved_data = (incoming)? f->downstream_app_data->first_packet :
         f->upstream_app_data->first_packet;
@@ -499,13 +484,11 @@ void update_window_expiration(flow *f, struct packet_info *info){
         saved_data = (incoming)? f->downstream_app_data->first_packet :
             f->upstream_app_data->first_packet;
 
-#ifdef DEBUG
         if(saved_data != NULL){
-            printf("Currently saved seq_num is now %u\n", saved_data->seq_num);
+            DEBUG_MSG(DEBUG_FLOW, "Currently saved seq_num is now %u\n", saved_data->seq_num);
         } else {
-            printf("Acked all data, queue is empty\n");
+            DEBUG_MSG(DEBUG_FLOW, "Acked all data, queue is empty\n");
         }
-#endif
 
     }