relay_station/Makefile

@@ -1,4 +1,4 @@
-CFLAGS=-g -ggdb -Wall -std=gnu99 -DDEBUG_DOWN -DDEBUG_PROXY -DRESOURCE_DEBUG -DDEBUG_HS
+CFLAGS=-g -ggdb -Wall -std=gnu99
 
 TARGETS=slitheen
 

relay_station/crypto.c

@@ -274,13 +274,8 @@ int update_handshake_hash(flow *f, uint8_t *hs){
 
     EVP_DigestUpdate(f->hs_md_ctx, hs, hs_len+4);
 
-#ifdef DEBUG_HS_EXTRA
-    printf("SLITHEEN: adding to handshake hash:\n");
-    for(int i=0; i< hs_len + 4; i++){
-        printf("%02x ", hs[i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_HS, "Adding to handshake hash:\n");
+    DEBUG_BYTES(DEBUG_HS, hs, hs_len);
 
     return 0;
 }
@@ -378,9 +373,9 @@ int extract_parameters(flow *f, uint8_t *hs){
 
         //int curve_id = (p[1] << 8) + p[2];
         int curve_id = *(p+2);
-#ifdef DEBUG_HS
-        printf("Using curve number %d\n", curve_id);
-#endif
+
+        DEBUG_MSG(DEBUG_HS, "Using curve number %d\n", curve_id);
+
         if((curve_id < 0) || ((unsigned int)curve_id >
                     sizeof(nid_list) / sizeof(nid_list[0]))){
             goto err;
@@ -416,7 +411,7 @@ int extract_parameters(flow *f, uint8_t *hs){
             ngroup = EC_GROUP_new_by_curve_name(curve_nid);
 
             if(ngroup == NULL){
-                printf("couldn't get curve by name (%d)\n", curve_nid);
+                DEBUG_MSG(DEBUG_HS, "couldn't get curve by name (%d)\n", curve_nid);
                 goto err;
             }
 
@@ -510,21 +505,6 @@ int encrypt(flow *f, uint8_t *input, uint8_t *output, int32_t len, int32_t incom
         }
     }
 
-    /*if(f->application && (ds->iv[EVP_GCM_TLS_FIXED_IV_LEN] == 0)){
-    //fill in rest of iv
-    for(int i = EVP_GCM_TLS_FIXED_IV_LEN; i< ds->cipher->iv_len; i++){
-    ds->iv[i] = p[i- EVP_GCM_TLS_FIXED_IV_LEN];
-    }
-    }*/
-
-#ifdef DEBUG_HS_EXTRA
-    printf("\t\tiv: ");
-    for(int i=0; i<ds->cipher->iv_len; i++){
-        printf("%02X ", ds->iv[i]);
-    }
-    printf("\n");
-#endif
-
     uint8_t buf[13];
     memcpy(buf, seq, 8);
 
@@ -548,13 +528,8 @@ int encrypt(flow *f, uint8_t *input, uint8_t *output, int32_t len, int32_t incom
     int32_t n = EVP_Cipher(ds, p, p, len); //decrypt in place
     if(n<0) return 0;
 
-#ifdef DEBUG
-    printf("decrypted data:\n");
-    for(int i=0; i< len; i++){
-        printf("%02x ", p[EVP_GCM_TLS_EXPLICIT_IV_LEN+i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "decrypted data:\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, p, len);
 
     if(!enc)
         p[EVP_GCM_TLS_EXPLICIT_IV_LEN+n] = '\0';
@@ -628,9 +603,8 @@ int mark_finished_hash(flow *f, uint8_t *hs){
  *  	0 on success, 1 on failure
  */
 int compute_master_secret(flow *f){
-#ifdef DEBUG_HS
-    printf("Computing master secret (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
-#endif
+
+    DEBUG_MSG(DEBUG_CRYPTO, "Computing master secret (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
 
     DH *dh_srvr = NULL;
     DH *dh_clnt = NULL;
@@ -680,25 +654,17 @@ int compute_master_secret(flow *f){
 
         pub_key = BN_new();
         priv_key = BN_new();
-#ifdef DEBUG
-        printf("key =");
-        for(int i=0; i< 16; i++)
-            printf(" %02x", f->key[i]);
-        printf("\n");
-#endif
+
+        DEBUG_MSG(DEBUG_CRYPTO, "tag key =");
+        DEBUG_BYTES(DEBUG_CRYPTO, f->key, 16);
 
         tls_PRF(f, f->key, 16,
                 (uint8_t *) SLITHEEN_KEYGEN_CONST, SLITHEEN_KEYGEN_CONST_SIZE,
                 NULL, 0, NULL, 0, NULL, 0,
                 buf, bytes);
 
-#ifdef DEBUG_HS
-        printf("Generated the client private key [len: %d]: ", bytes);
-        for(int i=0; i< bytes; i++){
-            printf(" %02x ", buf[i]);
-        }
-        printf("\n");
-#endif
+        DEBUG_MSG(DEBUG_CRYPTO, "Generated the client private key [len: %d]: ", bytes);
+        DEBUG_BYTES(DEBUG_CRYPTO, buf, bytes);
 
         if (!BN_bin2bn(buf, bytes, priv_key))
             goto err;
@@ -756,14 +722,9 @@ int compute_master_secret(flow *f){
             tls_PRF(f, f->key, 16, (uint8_t *) SLITHEEN_KEYGEN_CONST, SLITHEEN_KEYGEN_CONST_SIZE,
                     NULL, 0, NULL, 0, NULL, 0, xkey->privkey, X25519_KEYLEN);
 
-#ifdef DEBUG_HS
-            printf("Generated the X25519 client private key [len: %d]: ", X25519_KEYLEN);
-            for(int i=0; i< X25519_KEYLEN; i++){
-                printf("%02x ", xkey->privkey[i]);
-            }
-            printf("\n");
-#endif
-            //X25519_public_from_private(xkey->pubkey, xkey->privkey);
+            DEBUG_MSG(DEBUG_CRYPTO, "Generated the X25519 client private key [len: %d]: ", X25519_KEYLEN);
+            DEBUG_BYTES(DEBUG_CRYPTO, xkey->privkey, X25519_KEYLEN);
+
             ckey = EVP_PKEY_new();
             EVP_PKEY_assign(ckey, NID_X25519, xkey);
 
@@ -831,13 +792,8 @@ int compute_master_secret(flow *f){
             tls_PRF(f, f->key, 16, (uint8_t *) SLITHEEN_KEYGEN_CONST, SLITHEEN_KEYGEN_CONST_SIZE,
                     NULL, 0, NULL, 0, NULL, 0, buf, bytes);
 
-#ifdef DEBUG_HS
-            printf("Generated the client private key [len: %d]: ", bytes);
-            for(int i=0; i< bytes; i++){
-                printf("%02x ", buf[i]);
-            }
-            printf("\n");
-#endif
+            DEBUG_MSG(DEBUG_CRYPTO, "Generated the client private key [len: %d]: ", bytes);
+            DEBUG_BYTES(DEBUG_CRYPTO, buf, bytes);
 
             if(!BN_bin2bn(buf, bytes, priv_key)){
                 goto err;
@@ -896,29 +852,26 @@ int compute_master_secret(flow *f){
 #endif
 
         tls_PRF(f, pre_master_secret, pre_master_len, (uint8_t *) TLS_MD_EXTENDED_MASTER_SECRET_CONST, TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, hash, hash_len, NULL, 0, NULL, 0, f->master_secret, SSL3_MASTER_SECRET_SIZE);
-#ifdef DEBUG_HS
-        fprintf(stdout, "Premaster Secret:\n");
-        BIO_dump_fp(stdout, (char *)pre_master_secret, pre_master_len);
-        fprintf(stdout, "Handshake hash:\n");
-        BIO_dump_fp(stdout, (char *)hash, hash_len);
-        fprintf(stdout, "Master Secret:\n");
-        BIO_dump_fp(stdout, (char *)f->master_secret, SSL3_MASTER_SECRET_SIZE);
-#endif
+
+        DEBUG_MSG(DEBUG_CRYPTO, "Premaster Secret:\n");
+        DEBUG_BYTES(DEBUG_CRYPTO, pre_master_secret, pre_master_len);
+        DEBUG_MSG(DEBUG_CRYPTO, "Handshake hash:\n");
+        DEBUG_BYTES(DEBUG_CRYPTO, hash, hash_len);
+        DEBUG_MSG(DEBUG_CRYPTO, "Master Secret:\n");
+        DEBUG_BYTES(DEBUG_CRYPTO, f->master_secret, SSL3_MASTER_SECRET_SIZE);
 
     } else {
 
         tls_PRF(f, pre_master_secret, pre_master_len, (uint8_t *) TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, f->client_random, SSL3_RANDOM_SIZE, f->server_random, SSL3_RANDOM_SIZE, NULL, 0, f->master_secret, SSL3_MASTER_SECRET_SIZE);
 
-#ifdef DEBUG_HS
-        fprintf(stdout, "Premaster Secret:\n");
-        BIO_dump_fp(stdout, (char *)pre_master_secret, pre_master_len);
-        fprintf(stdout, "Client Random:\n");
-        BIO_dump_fp(stdout, (char *)f->client_random, SSL3_RANDOM_SIZE);
-        fprintf(stdout, "Server Random:\n");
-        BIO_dump_fp(stdout, (char *)f->server_random, SSL3_RANDOM_SIZE);
-        fprintf(stdout, "Master Secret:\n");
-        BIO_dump_fp(stdout, (char *)f->master_secret, SSL3_MASTER_SECRET_SIZE);
-#endif
+        DEBUG_MSG(DEBUG_CRYPTO, "Premaster Secret:\n");
+        DEBUG_BYTES(DEBUG_CRYPTO, pre_master_secret, pre_master_len);
+        DEBUG_MSG(DEBUG_CRYPTO, "Client Random:\n");
+        DEBUG_BYTES(DEBUG_CRYPTO, f->client_random, SSL3_RANDOM_SIZE);
+        DEBUG_MSG(DEBUG_CRYPTO, "Server Random:\n");
+        DEBUG_BYTES(DEBUG_CRYPTO, f->server_random, SSL3_RANDOM_SIZE);
+        DEBUG_MSG(DEBUG_CRYPTO, "Master Secret:\n");
+        DEBUG_BYTES(DEBUG_CRYPTO, f->master_secret, SSL3_MASTER_SECRET_SIZE);
     }
 
     if(f->current_session != NULL){
@@ -992,53 +945,39 @@ int extract_server_random(flow *f, uint8_t *hs){
     p += id_len;
 
     //now extract ciphersuite
-#ifdef DEBUG_HS
-    printf("Checking cipher\n");
-#endif
 
     if(((p[0] <<8) + p[1]) == 0x9E){
 
-#ifdef DEBUG_HS
-        printf("USING DHE-RSA-AES128-GCM-SHA256\n");
-        fflush(stdout);
-#endif
+        DEBUG_MSG(DEBUG_CRYPTO, "USING DHE-RSA-AES128-GCM-SHA256\n");
+
         f->keyex_alg = 1;
         f->cipher = EVP_aes_128_gcm();
         f->message_digest = EVP_sha256();
 
     } else if(((p[0] <<8) + p[1]) == 0x9F){
-#ifdef DEBUG_HS
-        printf("USING DHE-RSA-AES256-GCM-SHA384\n");
-        fflush(stdout);
-#endif
+        DEBUG_MSG(DEBUG_CRYPTO, "USING DHE-RSA-AES256-GCM-SHA384\n");
+
         f->keyex_alg = 1;
         f->cipher = EVP_aes_256_gcm();
         f->message_digest = EVP_sha384();
 
     } else if(((p[0] <<8) + p[1]) == 0xC02F){
-#ifdef DEBUG_HS
-        printf("USING ECDHE-RSA-AES128-GCM-SHA256\n");
-        fflush(stdout);
-#endif
+        DEBUG_MSG(DEBUG_CRYPTO, "USING ECDHE-RSA-AES128-GCM-SHA256\n");
+
         f->keyex_alg = 2;
         f->cipher = EVP_aes_128_gcm();
         f->message_digest = EVP_sha256();
 
     } else if(((p[0] <<8) + p[1]) == 0xC030){
-#ifdef DEBUG_HS
-        printf("USING ECDHE-RSA-AES256-GCM-SHA384\n");
-        fflush(stdout);
-#endif
+        DEBUG_MSG(DEBUG_CRYPTO, "USING ECDHE-RSA-AES256-GCM-SHA384\n");
+
         f->keyex_alg = 2;
         f->cipher = EVP_aes_256_gcm();
         f->message_digest = EVP_sha384();
 
     } else {
-#ifdef DEBUG_HS
-        printf("%x %x = %x\n", p[0], p[1], ((p[0] <<8) + p[1]));
-        printf("Error: unsupported cipher\n");
-        fflush(stdout);
-#endif
+        DEBUG_MSG(DEBUG_CRYPTO, "%x %x = %x\n", p[0], p[1], ((p[0] <<8) + p[1]));
+        DEBUG_MSG(DEBUG_CRYPTO, "Error: unsupported cipher\n");
         return 1;
     }
 
@@ -1220,31 +1159,14 @@ int init_ciphers(flow *f){
             NULL, 0,
             key_block, total_len);
 
-#ifdef DEBUG
-    printf("master secret: (%x:%d -> %x:%d)\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
-    for(int i=0; i< SSL3_MASTER_SECRET_SIZE; i++){
-        printf("%02x ", f->master_secret[i]);
-    }
-    printf("\n");
-
-    printf("client random: (%x:%d -> %x:%d)\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
-    for(int i=0; i< SSL3_RANDOM_SIZE; i++){
-        printf("%02x ", f->client_random[i]);
-    }
-    printf("\n");
-
-    printf("server random: (%x:%d -> %x:%d)\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
-    for(int i=0; i< SSL3_RANDOM_SIZE; i++){
-        printf("%02x ", f->server_random[i]);
-    }
-    printf("\n");
-
-    printf("keyblock: (%x:%d -> %x:%d)\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
-    for(int i=0; i< total_len; i++){
-        printf("%02x ", key_block[i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "Client Random:\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, f->client_random, SSL3_RANDOM_SIZE);
+    DEBUG_MSG(DEBUG_CRYPTO, "Server Random:\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, f->server_random, SSL3_RANDOM_SIZE);
+    DEBUG_MSG(DEBUG_CRYPTO, "Master Secret:\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, f->master_secret, SSL3_MASTER_SECRET_SIZE);
+    DEBUG_MSG(DEBUG_CRYPTO, "Key Block:\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, key_block, total_len);
 
     iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
 
@@ -1263,46 +1185,16 @@ int init_ciphers(flow *f){
     EVP_CIPHER_CTX_init(w_ctx_srvr);
     EVP_CIPHER_CTX_init(r_ctx_srvr);
 
-    /* Initialize MACs --- not needed for aes_256_gcm
-       write_mac = key_block + 2*key_len + 2*iv_len;
-       read_mac = key_block + 2*key_len + 2*iv_len + mac_len;
-       read_mac_ctx = EVP_MD_CTX_create();
-       write_mac_ctx = EVP_MD_CTX_create();
-       read_mac_key =EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, read_mac, mac_len);
-       write_mac_key =EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, write_mac, mac_len);
-       EVP_DigestSignInit(read_mac_ctx, NULL, EVP_sha384(), NULL, read_mac_key);
-       EVP_DigestSignInit(write_mac_ctx, NULL, EVP_sha384(), NULL, write_mac_key);
-       EVP_PKEY_free(read_mac_key);
-       EVP_PKEY_free(write_mac_key);*/
-
-
-#ifdef DEBUG_HS_EXTRA
-    {
-        int i;
-        fprintf(stderr, "EVP_CipherInit_ex(r_ctx,c,key=,iv=,which)\n");
-        fprintf(stderr, "\tkey= ");
-        for (i = 0; i < c->key_len; i++)
-            fprintf(stderr, "%02x", read_key[i]);
-        fprintf(stderr, "\n");
-        fprintf(stderr, "\t iv= ");
-        for (i = 0; i < c->iv_len; i++)
-            fprintf(stderr, "%02x", read_iv[i]);
-        fprintf(stderr, "\n");
-    }
 
-    {
-        int i;
-        fprintf(stderr, "EVP_CipherInit_ex(w_ctx,c,key=,iv=,which)\n");
-        fprintf(stderr, "\tkey= ");
-        for (i = 0; i < c->key_len; i++)
-            fprintf(stderr, "%02x", write_key[i]);
-        fprintf(stderr, "\n");
-        fprintf(stderr, "\t iv= ");
-        for (i = 0; i < c->iv_len; i++)
-            fprintf(stderr, "%02x", write_iv[i]);
-        fprintf(stderr, "\n");
-    }
-#endif 
+    DEBUG_MSG(DEBUG_CRYPTO, "EVP_CipherInit_ex(r_ctx,c,key=,iv=,which)\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, read_key, key_len);
+    DEBUG_MSG(DEBUG_CRYPTO, "\t iv= ");
+    DEBUG_BYTES(DEBUG_CRYPTO, read_iv, iv_len);
+
+    DEBUG_MSG(DEBUG_CRYPTO, "EVP_CipherInit_ex(w_ctx,c,key=,iv=,which)\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, write_key, key_len);
+    DEBUG_MSG(DEBUG_CRYPTO, "\t iv= ");
+    DEBUG_BYTES(DEBUG_CRYPTO, write_iv, iv_len);
 
     if(!EVP_CipherInit_ex(r_ctx, c, NULL, read_key, NULL, 0)){
         printf("FAIL r_ctx\n");
@@ -1379,17 +1271,12 @@ void generate_client_super_keys(uint8_t *secret, client *c){
     /* check tag*/ 
     if(check_tag(shared_secret, privkey, secret, (const byte *)"context", 7)){
         //something went wrong O.o
-        printf("Error extracting secret from tag\n");
+        DEBUG_MSG(DEBUG_CRYPTO, "Error extracting secret from tag\n");
         return;
     }
 
-#ifdef DEBUG
-    printf("Shared secret: ");
-    for(int i=0; i< 16; i++){
-        printf("%02x ", shared_secret[i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "Shared secret: ");
+    DEBUG_BYTES(DEBUG_CRYPTO, shared_secret, 16);
 
     /* Generate Keys */
     uint8_t *hdr_key, *bdy_key;
@@ -1409,19 +1296,11 @@ void generate_client_super_keys(uint8_t *secret, client *c){
             NULL, 0,
             key_block, total_len);
 
-#ifdef DEBUG
-    printf("slitheend id: \n");
-    for(int i=0; i< SLITHEEN_ID_LEN; i++){
-        printf("%02x ", secret[i]);
-    }
-    printf("\n");
+    DEBUG_MSG(DEBUG_CRYPTO, "slitheend id: \n");
+    DEBUG_BYTES(DEBUG_CRYPTO, secret, SLITHEEN_ID_LEN);
 
-    printf("keyblock: \n");
-    for(int i=0; i< total_len; i++){
-        printf("%02x ", key_block[i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "keyblock: \n");
+    DEBUG_BYTES(DEBUG_CRYPTO, key_block, total_len);
 
     hdr_key = key_block;
     bdy_key = key_block + key_len;
@@ -1464,13 +1343,8 @@ int super_encrypt(client *c, uint8_t *data, uint32_t len){
     uint8_t output[EVP_MAX_MD_SIZE];
 
     //first encrypt the header	
-#ifdef DEBUG_DOWN
-    printf("Plaintext Header:\n");
-    for(int i=0; i< SLITHEEN_HEADER_LEN; i++){
-        printf("%02x ", p[i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "super encrypt: Plaintext Header:\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, p, SLITHEEN_HEADER_LEN);
 
     hdr_ctx = EVP_CIPHER_CTX_new();
 
@@ -1488,13 +1362,8 @@ int super_encrypt(client *c, uint8_t *data, uint32_t len){
         goto end;
     }
 
-#ifdef DEBUG_DOWN
-    printf("Encrypted Header (%d bytes)\n", out_len);
-    for(int i=0; i< out_len; i++){
-        printf("%02x ", p[i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "super encrypt: Encrypted Header (%d bytes):\n", out_len);
+    DEBUG_BYTES(DEBUG_CRYPTO, p, out_len);
 
     if(len == 0){ //only encrypt header: body contains garbage bytes
         retval = 1;
@@ -1514,13 +1383,8 @@ int super_encrypt(client *c, uint8_t *data, uint32_t len){
 
     p+= 16;
 
-#ifdef DEBUG
-    printf("Plaintext:\n");
-    for(int i=0; i< len; i++){
-        printf("%02x ", p[i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "super_encrypt: plaintext:\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, p, len);
 
     if(!EVP_CipherUpdate(bdy_ctx, p, &out_len, p, len)){
         printf("Failed!\n");
@@ -1528,14 +1392,8 @@ int super_encrypt(client *c, uint8_t *data, uint32_t len){
         goto end;
     }
 
-#ifdef DEBUG
-    printf("Encrypted %d bytes\n", out_len);
-    printf("Encrypted data:\n");
-    for(int i=0; i< out_len; i++){
-        printf("%02x ", p[i]);
-    }
-    printf("\n");
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "super_encrypt: Encrypted data (%d bytes) :\n", out_len);
+    DEBUG_BYTES(DEBUG_CRYPTO, p, out_len);
 
     //MAC at the end
     EVP_MD_CTX *mac_ctx = NULL;
@@ -1563,14 +1421,8 @@ int super_encrypt(client *c, uint8_t *data, uint32_t len){
     p += out_len;
     memcpy(p, output, 16);
 
-#ifdef DEBUG_PARSE
-    printf("Computed mac:\n");
-    for(int i=0; i< 16; i++){
-        printf("%02x ", output[i]);
-    }   
-    printf("\n");
-    fflush(stdout);
-#endif
+    DEBUG_MSG(DEBUG_CRYPTO, "super_encrypt: Computed mac:\n");
+    DEBUG_BYTES(DEBUG_CRYPTO, output, 16);
 
 end:
     if(hdr_ctx != NULL){
@@ -1639,13 +1491,8 @@ int check_handshake(struct packet_info *info){
         //res = check_tag(key, privkey, p, (const byte *)"context", 7);//for phantomjs testing
         if (!res) {
 
-#ifdef DEBUG_HS
-            printf("Received tagged flow! (key =");
-            for(int i=0; i<16;i++){
-                printf(" %02x", key[i]);
-            }
-            printf(")\n");
-#endif
+            DEBUG_MSG(DEBUG_CRYPTO, "Received tagged flow! (key =");
+            DEBUG_BYTES(DEBUG_CRYPTO, key, 16);
 
             /* If flow is not in table, save it */
             flow *flow_ptr = check_flow(info);
@@ -1661,14 +1508,9 @@ int check_handshake(struct packet_info *info){
                 }
 
                 memcpy(flow_ptr->client_random, hello_rand, SSL3_RANDOM_SIZE);
-#ifdef DEBUG
-                for(int i=0; i< SSL3_RANDOM_SIZE; i++){
-                    printf("%02x ", hello_rand[i]);
-                }
-                printf("\n");
 
-                printf("Saved new flow\n");
-#endif
+                DEBUG_MSG(DEBUG_CRYPTO, "Hello random:\n");
+                DEBUG_BYTES(DEBUG_CRYPTO, hello_rand, SSL3_RANDOM_SIZE);
 
                 flow_ptr->ref_ctr--;
 
@@ -1679,7 +1521,6 @@ int check_handshake(struct packet_info *info){
 
                 memcpy(flow_ptr->client_random, hello_rand, SSL3_RANDOM_SIZE);
                 flow_ptr->ref_ctr--;
-                printf("Flow updated in check_flow. %p ref_ctr %d\n", flow_ptr, flow_ptr->ref_ctr);
             }
 
         }

relay_station/flow.c

@@ -247,25 +247,17 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
     switch(record_hdr->type){
         case HS:
             p = record;
-#ifdef DEBUG_HS_EXTRA
-            printf("Received handshake packet  (%x:%d -> %x:%d) (incoming: %d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), incoming);
-            for(int i=0; i< record_len; i++){
-                printf("%02x ", p[i]);
-            }
-            printf("\n");
-#endif
+
+            DEBUG_MSG(DEBUG_HS, "Received handshake packet  (%x:%d -> %x:%d) (incoming: %d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), incoming);
+
             p += RECORD_HEADER_LEN;
 
 
             if((incoming && f->in_encrypted) || (!incoming && f->out_encrypted)){
-#ifdef DEBUG_HS
-                printf("Decrypting finished (%d bytes) (%x:%d -> %x:%d) (incoming: %d)\n", record_len - RECORD_HEADER_LEN, f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), incoming);
-                printf("Finished ciphertext:\n");
-                for(int i=0; i< record_len; i++){
-                    printf("%02x ", record[i]);
-                }
-                printf("\n");
-#endif
+                DEBUG_MSG(DEBUG_HS, "Decrypting finished (%d bytes) (%x:%d -> %x:%d) (incoming: %d)\n", record_len - RECORD_HEADER_LEN, f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), incoming);
+
+                DEBUG_BYTES(DEBUG_HS, record, record_len);
+
                 int32_t n = encrypt(f, p, p, record_len - RECORD_HEADER_LEN, incoming, 0x16, 0, 0);
                 if(n<=0){
                     printf("Error decrypting finished  (%x:%d -> %x:%d) (incoming: %d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), incoming);
@@ -275,18 +267,13 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                     }
 
                 }
-#ifdef DEBUG_HS
-                printf("Finished decrypted: (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
-#endif
+
+                DEBUG_MSG(DEBUG_HS, "Finished decrypted: (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+
                 p += EVP_GCM_TLS_EXPLICIT_IV_LEN;
 
-#ifdef DEBUG_HS
-                printf("record:\n");
-                for(int i=0; i< n; i++){
-                    printf("%02x ", p[i]);
-                }
-                printf("\n");
-#endif
+                DEBUG_BYTES(DEBUG_HS, p, n);
+
                 if(p[0] != 0x14){
                     p[0] = 0x20; //trigger error
                 }
@@ -303,9 +290,8 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
 
             switch(f->state){
                 case TLS_CLNT_HELLO: 
-#ifdef DEBUG_HS
-                    printf("Received tagged client hello (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
-#endif
+                    DEBUG_MSG(DEBUG_HS, "Received tagged client hello (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+
                     if(check_extensions(f, p, HANDSHAKE_MESSAGE_LEN(handshake_hdr))){
                         fprintf(stderr, "Error checking session, might cause problems\n");
                     }
@@ -318,74 +304,66 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
 
                     break;
                 case TLS_SERV_HELLO:
-#ifdef DEBUG_HS
-                    printf("Received server hello (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
-#endif
+                    DEBUG_MSG(DEBUG_HS, "Received server hello (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+
                     if(f->resume_session){
                         if(verify_session_id(f,p)){
-                            fprintf(stderr, "Failed to verify session id\n");
+                            DEBUG_MSG(DEBUG_HS, "Failed to verify session id\n");
                         }
                     } else {
                         if(save_session_id(f,p)){
-                            fprintf(stderr, "Failed to save session id\n");
+                            DEBUG_MSG(DEBUG_HS, "Failed to save session id\n");
                         }
                     }
 
                     if(verify_extensions(f,p, HANDSHAKE_MESSAGE_LEN(handshake_hdr))){
-                        fprintf(stderr, "Failed to verify extensions\n");
+                        DEBUG_MSG(DEBUG_HS, "Failed to verify extensions\n");
                     }
 
                     if(extract_server_random(f, p)){
-                        fprintf(stderr, "Failed to extract server random nonce\n");
+                        DEBUG_MSG(DEBUG_HS, "Failed to extract server random nonce\n");
                         remove_flow(f);
                         goto err;
                     }
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
+                        DEBUG_MSG(DEBUG_HS, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
                     break;
                 case TLS_NEW_SESS:
-#ifdef DEBUG_HS
-                    printf("Received new session\n");
-#endif
+                    DEBUG_MSG(DEBUG_HS, "Received new session\n");
+
                     if(save_session_ticket(f, p, HANDSHAKE_MESSAGE_LEN(handshake_hdr))){
-                        fprintf(stderr, "Failed to save session ticket\n");
+                        DEBUG_MSG(DEBUG_HS, "Failed to save session ticket\n");
                     }
                     break;
                 case TLS_CERT:
-#ifdef DEBUG_HS
-                    printf("Received cert\n");
-#endif
+                    DEBUG_MSG(DEBUG_HS, "Received cert\n");
+
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
                     break;
                 case TLS_CERT_STATUS:
-#ifdef DEBUG_HS
-                    printf("Received certificate status\n");
-#endif
+                    DEBUG_MSG(DEBUG_HS, "Received certificate status\n");
+
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
                     break;
                 case TLS_SRVR_KEYEX:
-#ifdef DEBUG_HS
-                    printf("Received server keyex\n");
-#endif
+                    DEBUG_MSG(DEBUG_HS, "Received server keyex\n");
+
                     if(extract_parameters(f, p)){
-                        printf("Error extracting params\n");
+                        DEBUG_MSG(DEBUG_HS, "Error extracting params\n");
                         remove_flow(f);
                         goto err;
                     }
 
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
@@ -394,55 +372,47 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
 
                 case TLS_CERT_REQ:
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
                     break;
                 case TLS_SRVR_HELLO_DONE:
-#ifdef DEBUG_HS
-                    printf("Received server hello done\n");
-#endif
+                    DEBUG_MSG(DEBUG_HS, "Received server hello done\n");
+
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
                     break;
                 case TLS_CERT_VERIFY:
-#ifdef DEBUG_HS
-                    printf("received cert verify\n");
-#endif
+                    DEBUG_MSG(DEBUG_HS, "received cert verify\n");
+
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
                     break;
 
                 case TLS_CLNT_KEYEX:
-#ifdef DEBUG_HS
-                    printf("Received client key exchange\n");
-#endif
+                    DEBUG_MSG(DEBUG_HS, "Received client key exchange\n");
+
                     if(update_handshake_hash(f, p)){
-                        fprintf(stderr, "Error updating finish has with CLNT_HELLO msg\n");
                         remove_flow(f);
                         goto err;
                     }
                     if(compute_master_secret(f)){
-                        printf("Error computing master secret\n");
+                        DEBUG_MSG(DEBUG_HS, "Error computing master secret\n");
                         remove_flow(f);
                         goto err;
 
                     }
                     break;
                 case TLS_FINISHED:
-#ifdef DEBUG_HS
-                    printf("Received finished (%d) (%x:%d -> %x:%d)\n", incoming, f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
-#endif
+                    DEBUG_MSG(DEBUG_HS, "Received finished (%d) (%x:%d -> %x:%d)\n", incoming, f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+
                     if((f->in_encrypted == 2) && (f->out_encrypted == 2)){
                         f->application = 1;
-                        printf("Handshake complete!\n");
+                        DEBUG_MSG(DEBUG_HS, "Handshake complete!\n");
                     }
 
                     if(!incoming) {
@@ -451,7 +421,7 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                         break;
                     }
                     if(mark_finished_hash(f, p)){
-                        fprintf(stderr, "Error marking finished hash\n");
+                        DEBUG_MSG(DEBUG_HS, "Error marking finished hash\n");
                         remove_flow(f);
                         goto err;
                     }
@@ -459,33 +429,27 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                     //re-encrypt finished message
                     int32_t n =  encrypt(f, record+RECORD_HEADER_LEN, record+RECORD_HEADER_LEN, record_len - (RECORD_HEADER_LEN+16), incoming, 0x16, 1, 1);
 
-#ifdef HS_DEBUG
-                    printf("New finished ciphertext:\n");
-                    for(int i=0; i< record_len; i++){
-                        printf("%02x ", record[i]);
-                    }
-                    printf("\n");
-#endif
+                    DEBUG_MSG(DEBUG_HS, "New finished ciphertext:\n");
+                    DEBUG_BYTES(DEBUG_HS, record, record_len);
 
                     if(n<=0){
-                        printf("Error re-encrypting finished  (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port),
+                        DEBUG_MSG(DEBUG_HS, "Error re-encrypting finished  (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port),
                                 f->dst_ip.s_addr, ntohs(f->dst_port));
                     }
 
                     break;
                 default:
-                    printf("Error: unrecognized hs message? (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+                    DEBUG_MSG(DEBUG_HS, "Error: unrecognized hs message? (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
                     remove_flow(f);
                     goto err;
             }
             break;
         case APP:
-            printf("Application Data (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+            DEBUG_MSG(DEBUG_HS, "Application Data (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
             break;
         case CCS:
-#ifdef DEBUG_HS
-            printf("CCS (%x:%d -> %x:%d) \n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
-#endif
+            DEBUG_MSG(DEBUG_HS, "CCS (%x:%d -> %x:%d) \n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+
             /*Initialize ciphers */
             if ((!f->in_encrypted) && (!f->out_encrypted)){
                 if(init_ciphers(f)){
@@ -510,31 +474,27 @@ static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
                 if(n <= 0){
                     printf("Error decrypting Alert\n");
                 }
-                printf("Decrypted alert:\n");
-                for(int i=0; i< n; i++){
-                    printf("%02x ", p[i]);
-                }
-                printf("\n");
+                DEBUG_MSG(DEBUG_HS, "Decrypted alert:\n");
+                DEBUG_BYTES(DEBUG_HS, p, n);
+
                 p += EVP_GCM_TLS_EXPLICIT_IV_LEN;
             }
-            printf("Alert (%x:%d -> %x:%d) (%s) %02x %02x \n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), (incoming) ? "incoming" : "outgoing", p[0], p[1]);
-            fflush(stdout);
+            DEBUG_MSG(DEBUG_HS, "Alert (%x:%d -> %x:%d) (%s) %02x %02x \n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), (incoming) ? "incoming" : "outgoing", p[0], p[1]);
 
             //re-encrypt alert
             if(((incoming) && (f->in_encrypted > 0)) || ((!incoming) && (f->out_encrypted > 0))){
                 int32_t n =  encrypt(f, record+RECORD_HEADER_LEN, record+RECORD_HEADER_LEN, record_len - (RECORD_HEADER_LEN+16), incoming, 0x15, 1, 1);
                 if(n <= 0){
-                    printf("Error re-encrypting alert\n");
+                    DEBUG_MSG(DEBUG_HS, "Error re-encrypting alert\n");
                 }
             }
 
             break;
         case HB:
-            printf("Heartbeat\n");
+            DEBUG_MSG(DEBUG_HS, "Heartbeat\n");
             break;
         default:
-            printf("Error: Not a Record (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
-            fflush(stdout);
+            DEBUG_MSG(DEBUG_HS, "Error: Not a Record (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
             remove_flow(f);
             goto err;
     }
@@ -860,20 +820,12 @@ static int verify_session_id(flow *f, uint8_t *hs){
     //check to see if it matches flow's session id set by ClientHello
     if(f->current_session->session_id_len > 0 && !memcmp(f->current_session->session_id, p, id_len)){
         //if it matched, update flow with master secret :D
-#ifdef DEBUG_HS
-        printf("Session id matched!\n");
-        printf("First session id (%p->%p):", sessions, sessions->first_session);
-#endif
+        DEBUG_MSG(DEBUG_HS, "Session id matched!\n");
+
         session *last = sessions->first_session;
         int found = 0;
         for(int i=0; ((i<sessions->length) && (!found)); i++){
-#ifdef DEBUG_HS_EXTRA
-            printf("Checking saved session id: ");
-            for (int j=0; j< last->session_id_len; j++){
-                printf("%02x ", last->session_id[j]);
-            }
-            printf("\n");
-#endif
+
             if(!memcmp(last->session_id, f->current_session->session_id, id_len)){
                 memcpy(f->master_secret, last->master_secret, SSL3_MASTER_SECRET_SIZE);
                 found = 1;
@@ -887,13 +839,9 @@ static int verify_session_id(flow *f, uint8_t *hs){
                     if(!memcmp(last->session_ticket, f->current_session->session_ticket, f->current_session->session_ticket_len)){
                         memcpy(f->master_secret, last->master_secret, SSL3_MASTER_SECRET_SIZE);
                         found = 1;
-#ifdef DEBUG_HS
-                        printf("Found new session ticket (%x:%d -> %x:%d)\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
-                        for(int i=0; i< last->session_ticket_len; i++){
-                            printf("%02x ", last->session_ticket[i]);
-                        }
-                        printf("\n");
-#endif
+
+                        DEBUG_MSG(DEBUG_HS, "Found new session ticket (%x:%d -> %x:%d)\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
+                        DEBUG_BYTES(DEBUG_HS, last->session_ticket, last->session_ticket_len);
                     }
                 }
                 last = last->next;
@@ -910,14 +858,10 @@ static int verify_session_id(flow *f, uint8_t *hs){
                 if(last->session_ticket_len == f->current_session->session_ticket_len){
                     if(!memcmp(last->session_ticket, f->current_session->session_ticket, f->current_session->session_ticket_len)){
                         memcpy(f->master_secret, last->master_secret, SSL3_MASTER_SECRET_SIZE);
-#ifdef DEBUG_HS
-                        printf("Found new session ticket (%x:%d -> %x:%d)\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
-                        for(int i=0; i< last->session_ticket_len; i++){
-                            printf("%02x ", last->session_ticket[i]);
-                        }
-                        printf("\n");
+
+                        DEBUG_MSG(DEBUG_HS, "Found new session ticket (%x:%d -> %x:%d)\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
+                        DEBUG_BYTES(DEBUG_HS, last->session_ticket, last->session_ticket_len);
                         break;
-#endif
                     }
                 }
                 last = last->next;
@@ -926,7 +870,7 @@ static int verify_session_id(flow *f, uint8_t *hs){
 
     } else if (f->current_session->session_id_len > 0){
         //server refused resumption, save new session id
-        printf("session ids did not match, saving new id\n");
+        DEBUG_MSG(DEBUG_HS, "session ids did not match, saving new id\n");
         save_session_id(f, p);
     }
 
@@ -961,14 +905,11 @@ static int check_extensions(flow *f, uint8_t *hs, uint32_t len){
         f->resume_session = 1;
         memcpy(new_session->session_id, p, new_session->session_id_len);
         new_session->next = NULL;
-#ifdef DEBUG_HS
-        printf("Requested new session (%x:%d -> %x:%d)\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
-        printf("session id: \n");
-        for(int i=0; i< new_session->session_id_len; i++){
-            printf("%02x ", p[i]);
-        }
-        printf("\n");
-#endif
+
+        DEBUG_MSG(DEBUG_HS, "Requested new session (%x:%d -> %x:%d)\n", f->src_ip.s_addr, f->src_port, f->dst_ip.s_addr, f->dst_port);
+
+        DEBUG_MSG(DEBUG_HS, "session id: \n");
+        DEBUG_BYTES(DEBUG_HS, p, new_session->session_id_len);
 
         f->current_session = new_session;
     }
@@ -1074,12 +1015,9 @@ static int verify_extensions(flow *f, uint8_t *hs, uint32_t len){
     //Check to make sure both client and server included extension
     if(!f->extended_master_secret || !extended_master_secret){
         f->extended_master_secret = 0;
+    } else {
+        DEBUG_MSG(DEBUG_HS, "Extended master secret extension\n");
     }
-#ifdef DEBUG_HS
-    else {
-        printf("Extended master secret extension\n");
-    }
-#endif
 
     return 0;
 
@@ -1145,19 +1083,10 @@ static int save_session_id(flow *f, uint8_t *hs){
 
     sessions->length ++;
 
-#ifdef DEBUG_HS
-    printf("Saved session id:");
-    for(int i=0; i< new_session->session_id_len; i++){
-        printf(" %02x", new_session->session_id[i]);
-    }
-    printf("\n");
-
-    printf("THERE ARE NOW %d saved sessions\n", sessions->length);
-
-#endif
+    DEBUG_MSG(DEBUG_HS, "Saved session id:");
+    DEBUG_BYTES(DEBUG_HS, new_session->session_id, new_session->session_id_len);
 
     return 0;
-
 }
 
 /* Called from NewSessionTicket. Adds the session ticket to the
@@ -1171,13 +1100,10 @@ static int save_session_id(flow *f, uint8_t *hs){
  *  	0 if success, 1 if failed
  */
 int save_session_ticket(flow *f, uint8_t *hs, uint32_t len){
-#ifdef DEBUG_HS
-    printf("TICKET HDR:");
-    for(int i=0; i< HANDSHAKE_HEADER_LEN; i++){
-        printf("%02x ", hs[i]);
-    }
-    printf("\n");
-#endif
+
+    DEBUG_MSG(DEBUG_HS, "TICKET HDR:");
+    DEBUG_BYTES(DEBUG_HS, hs, HANDSHAKE_HEADER_LEN);
+
     uint8_t *p = hs + HANDSHAKE_HEADER_LEN;
     p += 4;
     session *new_session = scalloc(1, sizeof(session));
@@ -1211,25 +1137,12 @@ int save_session_ticket(flow *f, uint8_t *hs, uint32_t len){
 
     sessions->length ++;
 
-#ifdef DEBUG_HS
-    printf("Saved session ticket:");
-    for(int i=0; i< new_session->session_ticket_len; i++){
-        printf(" %02x", p[i]);
-    }
-    printf("\n");
-    fflush(stdout);
-
-    printf("Saved session master secret:");
-    for(int i=0; i< SSL3_MASTER_SECRET_SIZE; i++){
-        printf(" %02x", new_session->master_secret[i]);
-    }
-    printf("\n");
-    fflush(stdout);
+    DEBUG_MSG(DEBUG_HS, "Saved session ticket:");
+    DEBUG_BYTES(DEBUG_HS, p, new_session->session_ticket_len);
 
-    printf("THERE ARE NOW %d saved sessions (2)\n", sessions->length);
-    fflush(stdout);
+    DEBUG_MSG(DEBUG_HS, "Saved session master secret:");
+    DEBUG_BYTES(DEBUG_HS, new_session->master_secret, SSL3_MASTER_SECRET_SIZE);
 
-#endif
     return 0;
 }
 
@@ -1344,10 +1257,6 @@ int add_packet(flow *f, struct packet_info *info){
                     const struct record_header *record_hdr = (struct record_header *) next->data;
                     chain->record_len = RECORD_LEN(record_hdr)+RECORD_HEADER_LEN;
                     chain->remaining_record_len = chain->record_len;
-#ifdef DEBUG
-                    printf("Found record of type %d\n", record_hdr->type);
-                    fflush(stdout);
-#endif
 
                 }
             }
@@ -1369,34 +1278,22 @@ int add_packet(flow *f, struct packet_info *info){
 
                 if(f->in_encrypted ==2 && incoming){
                     //if server finished message was received, copy changes back to packet
+                    DEBUG_MSG(DEBUG_HS, "Replacing info->data with finished message (%d bytes).\n", info_len);
 
-#ifdef DEBUG
-                    printf("Replacing info->data with finished message (%d bytes).\n", info_len);
+                    DEBUG_MSG(DEBUG_HS, "Previous bytes:\n");
+                    DEBUG_BYTES(DEBUG_HS, (info->app_data + info_offset), info_len);
+
+                    DEBUG_MSG(DEBUG_HS, "New bytes:\n");
+                    DEBUG_BYTES(DEBUG_HS, (record + record_offset), info_len);
+
+                    DEBUG_MSG(DEBUG_HS, "Previous packet contents:\n");
+                    DEBUG_BYTES(DEBUG_HS, info->app_data, info->app_data_len);
 
-                    printf("Previous bytes:\n");
-                    for(int i=0; i<info_len; i++){
-                        printf("%02x ", info->app_data[info_offset+i]);
-                    }
-                    printf("\n");
-                    printf("New bytes:\n");
-                    for(int i=0; i<info_len; i++){
-                        printf("%02x ", record[record_offset+i]);
-                    }
-                    printf("\n");
-                    printf("SLITHEEN: Previous packet contents:\n");
-                    for(int i=0; i< info->app_data_len; i++){
-                        printf("%02x ", info->app_data[i]);
-                    }
-                    printf("\n");
-#endif
                     memcpy(info->app_data+info_offset, record+record_offset, info_len);
-#ifdef DEBUG
-                    printf("SLITHEEN: Current packet contents:\n");
-                    for(int i=0; i< info->app_data_len; i++){
-                        printf("%02x ", info->app_data[i]);
-                    }
-                    printf("\n");
-#endif
+
+                    DEBUG_MSG(DEBUG_HS, "SLITHEEN: Current packet contents:\n");
+                    DEBUG_BYTES(DEBUG_HS, info->app_data, info->app_data_len);
+
                     //update TCP checksum
                     tcp_checksum(info);
                 }

relay_station/packet.c

@@ -121,13 +121,5 @@ void inject_packet(struct inject_args *iargs, const struct pcap_pkthdr *header,
         printf("Length: %d\n", header->len);
     }
 
-#ifdef DEBUG_EXTRA
-    fprintf(stderr, "injected the following packet:\n");
-    for(int i=0; i< header->len; i++){
-        fprintf(stderr, "%02x ", packet[i]);
-    }
-    fprintf(stderr, "\n");
-
-#endif
     free(packet);
 }

relay_station/relay.c

@@ -113,13 +113,10 @@ int replace_packet(flow *f, struct packet_info *info){
         return 0;
     }
 
-#ifdef DEBUG
-    fprintf(stdout,"Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
-    fprintf(stdout,"ID number: %u\n", htonl(info->ip_hdr->id));
-    fprintf(stdout,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
-    fprintf(stdout,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
-    fflush(stdout);
-#endif
+    DEBUG_MSG(DEBUG_FLOW, "Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
+    DEBUG_MSG(DEBUG_FLOW, "ID number: %u\n", htonl(info->ip_hdr->id));
+    DEBUG_MSG(DEBUG_FLOW, "Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
+    DEBUG_MSG(DEBUG_FLOW, "Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
 
     if(info->app_data_len <= 0){
         return 0;
@@ -131,10 +128,8 @@ int replace_packet(flow *f, struct packet_info *info){
         return 0;
     } else {
 
-#ifdef DEBUG
-        printf("Current sequence number: %d\n", f->downstream_seq_num);
-        printf("Received sequence number: %d\n", htonl(info->tcp_hdr->sequence_num));
-#endif
+        DEBUG_MSG(DEBUG_FLOW, "Current sequence number: %d\n", f->downstream_seq_num);
+        DEBUG_MSG(DEBUG_FLOW, "Received sequence number: %d\n", htonl(info->tcp_hdr->sequence_num));
 
         uint32_t offset = htonl(info->tcp_hdr->sequence_num) - f->downstream_seq_num;
         if(offset == 0)
@@ -143,17 +138,6 @@ int replace_packet(flow *f, struct packet_info *info){
         /* if incoming, replace with data from queue */
         process_downstream(f, offset, info);
 
-#ifdef DEBUG2
-        uint8_t *p = (uint8_t *) info->tcp_hdr;
-        fprintf(stdout, "ip hdr length: %d\n", htons(info->ip_hdr->len));
-        fprintf(stdout, "Injecting the following packet:\n");
-        for(int i=0; i< htons(info->ip_hdr->len)-1; i++){
-            fprintf(stdout, "%02x ", p[i]);
-        }
-        fprintf(stdout, "\n");
-        fflush(stdout);
-#endif
-
     }
     return 0;
 
@@ -278,20 +262,14 @@ static int read_header(flow *f, struct packet_info *info){
     }
 
     if(record_hdr->type == 0x15){
-        printf("received alert %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
-        for(int i=0; i<decrypted_len; i++){
-            printf("%02x ", decrypted_data[EVP_GCM_TLS_EXPLICIT_IV_LEN + i]);
-        }
-        printf("\n");
-        fflush(stdout);
+        DEBUG_MSG(DEBUG_UP, "received alert %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
+        DEBUG_BYTES(DEBUG_UP, (decrypted_data + EVP_GCM_TLS_EXPLICIT_IV_LEN), decrypted_len);
 
         //TODO: re-encrypt and return
     }
 
-#ifdef DEBUG_US
-    printf("Upstream data: (%x:%d > %x:%d )\n",info->ip_hdr->src.s_addr,ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port));
-    printf("%s\n", decrypted_data+EVP_GCM_TLS_EXPLICIT_IV_LEN);
-#endif
+    DEBUG_MSG(DEBUG_UP, "Upstream data: (%x:%d > %x:%d )\n",info->ip_hdr->src.s_addr,ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port));
+    DEBUG_MSG(DEBUG_UP, "%s\n", decrypted_data+EVP_GCM_TLS_EXPLICIT_IV_LEN);
 
     /* search through decrypted data for x-ignore */
     char *header_ptr = strstr((const char *) decrypted_data+EVP_GCM_TLS_EXPLICIT_IV_LEN, "X-Slitheen");
@@ -305,19 +283,15 @@ static int read_header(flow *f, struct packet_info *info){
         return 0;
     }
 
-#ifdef DEBUG_US
-    printf("UPSTREAM: Found x-slitheen header\n");
-    fflush(stdout);
-    fprintf(stdout,"UPSTREAM Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr,ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port) ,(info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
-    fprintf(stdout, "Sequence number: %d\n", ntohs(info->tcp_hdr->sequence_num));
-#endif
+    DEBUG_MSG(DEBUG_UP, "UPSTREAM: Found x-slitheen header\n");
+    DEBUG_MSG(DEBUG_UP, "UPSTREAM Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr,ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port) ,(info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
+    DEBUG_MSG(DEBUG_UP, "Sequence number: %d\n", ntohs(info->tcp_hdr->sequence_num));
 
     header_ptr += strlen("X-Slitheen: ");
 
     if(*header_ptr == '\r' || *header_ptr == '\0'){
-#ifdef DEBUG_US
-        printf("No messages\n");
-#endif
+        DEBUG_MSG(DEBUG_UP, "No messages\n");
+
         free(decrypted_data);
         return 0;
     }
@@ -336,9 +310,8 @@ static int read_header(flow *f, struct packet_info *info){
     }
     c++;
     *c = '\0';
-#ifdef DEBUG_US
-    printf("UPSTREAM: Found %d messages\n", num_messages);
-#endif
+
+    DEBUG_MSG(DEBUG_UP, "UPSTREAM: Found %d messages\n", num_messages);
 
     for(int i=0; i< num_messages; i++){
         char *message = messages[i];
@@ -365,45 +338,23 @@ static int read_header(flow *f, struct packet_info *info){
 
         BIO_free_all(bio);
 
-#ifdef DEBUG_US
-        printf("Decoded to get %d bytes:\n", output_len);
-        for(int j=0; j< output_len; j++){
-            printf("%02x ", upstream_data[j]);
-        }
-        printf("\n");
-        fflush(stdout);
-#endif
+        DEBUG_MSG(DEBUG_UP, "Decoded to get %d bytes:\n", output_len);
+        DEBUG_BYTES(DEBUG_UP, upstream_data, output_len);
+
         p = upstream_data;
 
         if(i== 0){
             //this is the Slitheen ID
-#ifdef DEBUG_US
-            printf("Slitheen ID:");
-            for(int j=0; j< output_len; j++){
-                printf("%02x ", p[j]);
-            }
-            printf("\n");
-#endif
+            DEBUG_MSG(DEBUG_UP, "Slitheen ID:");
+            DEBUG_BYTES(DEBUG_UP, p, output_len);
 
             //find stream table or create new one
-
             client *last = clients->first;
             while(last != NULL){
                 if(!memcmp(last->slitheen_id, p, output_len)){
                     f->downstream_queue = last->downstream_queue;
                     f->client_ptr = last; 
                     break;
-#ifdef DEBUG_US
-                } else {
-                    for(int j=0; j< output_len; j++){
-                        printf("%02x ", last->slitheen_id[j]);
-                    }
-                    printf(" != ");
-                    for(int j=0; j< output_len; j++){
-                        printf("%02x ", p[j]);
-                    }
-                    printf("\n");
-#endif
                 }
                 last = last->next;
             }
@@ -411,7 +362,7 @@ static int read_header(flow *f, struct packet_info *info){
             if(f->client_ptr == NULL){
                 //create new client
 
-                printf("Creating a new client\n");
+                DEBUG_MSG(DEBUG_UP, "Creating a new client\n");
                 client *new_client = smalloc(sizeof(client));
 
                 memcpy(new_client->slitheen_id, p, output_len);
@@ -480,14 +431,13 @@ static int read_header(flow *f, struct packet_info *info){
             if(stream_pipe != -1){
                 if(stream_len ==0){
 
-                    printf("Client closed. We are here\n");
+                    DEBUG_MSG(DEBUG_UP, "Client closed. We are here\n");
                     close(stream_pipe);
                     break;
                 }
-#ifdef DEBUG_US
-                printf("Found stream id %d\n", last->stream_id);
-                printf("Writing %d bytes to pipe\n", stream_len);
-#endif
+                DEBUG_MSG(DEBUG_UP, "Found stream id %d\n", last->stream_id);
+                DEBUG_MSG(DEBUG_UP, "Writing %d bytes to pipe\n", stream_len);
+
                 int32_t bytes_sent = write(stream_pipe, p, stream_len);
                 if(bytes_sent < 0){
                     printf("Error sending bytes to stream pipe\n");
@@ -582,10 +532,7 @@ static void *proxy_covert_site(void *data){
 
     int32_t bytes_sent;
 
-#ifdef DEBUG_PROXY
-    printf("PROXY: created new thread for stream %d\n", stream_id);
-#endif
-
+    DEBUG_MSG(DEBUG_PROXY, "PROXY: created new thread for stream %d\n", stream_id);
 
     data_queue *downstream_queue = thread_data->downstream_queue;
     client *clnt = thread_data->client;
@@ -599,7 +546,7 @@ static void *proxy_covert_site(void *data){
 
     //see if it's a connect request
     if(clnt_req->cmd != 0x01){
-        printf("PROXY: error not a connect request\n");
+        DEBUG_MSG(DEBUG_PROXY, "PROXY: error not a connect request\n");
         goto err;
     }
 
@@ -654,10 +601,7 @@ static void *proxy_covert_site(void *data){
 
     int32_t error = connect (handle, (struct sockaddr *) &dest, sizeof (struct sockaddr));
 
-#ifdef DEBUG_PROXY
-    printf("PROXY: Connected to covert site for stream %d\n", stream_id);
-#endif
-    fflush(stdout);
+    DEBUG_MSG(DEBUG_PROXY, "PROXY: Connected to covert site for stream %d\n", stream_id);
 
     if(error <0){
         goto err;
@@ -667,14 +611,9 @@ static void *proxy_covert_site(void *data){
 
     //see if there were extra upstream bytes
     if(data_len > 0){
-#ifdef DEBUG_PROXY
-        printf("Data len is %d\n", data_len);
-        printf("Upstream bytes: ");
-        for(int i=0; i< data_len; i++){
-            printf("%02x ", p[i]);
-        }
-        printf("\n");
-#endif
+        DEBUG_MSG(DEBUG_PROXY, "Data len is %d\n", data_len);
+        DEBUG_BYTES(DEBUG_PROXY, p, data_len);
+
         bytes_sent = send(handle, p,
                 data_len, 0);
         if( bytes_sent <= 0){
@@ -710,27 +649,22 @@ static void *proxy_covert_site(void *data){
             int32_t bytes_read = read(thread_data->pipefd, buffer, buffer_len);
 
             if(bytes_read > 0){
-#ifdef DEBUG_PROXY
-                printf("PROXY (id %d): read %d bytes from pipe\n", stream_id, bytes_read);
-                for(int i=0; i< bytes_read; i++){
-                    printf("%02x ", buffer[i]);
-                }
-                printf("\n");
-                printf("%s\n", buffer);
-#endif
+                DEBUG_MSG(DEBUG_PROXY, "PROXY (id %d): read %d bytes from pipe\n", stream_id, bytes_read);
+                DEBUG_BYTES(DEBUG_PROXY, buffer, bytes_read);
+
                 bytes_sent = send(handle, buffer,
                         bytes_read, 0);
                 if( bytes_sent <= 0){
-                    printf("Error sending bytes to covert site (stream %d)\n", stream_id);
+                    DEBUG_MSG(DEBUG_PROXY, "Error sending bytes to covert site (stream %d)\n", stream_id);
                     break;
                 } else if (bytes_sent < bytes_read){
-                    printf("Sent less bytes than read to covert site (stream %d)\n", stream_id);
+                    DEBUG_MSG(DEBUG_PROXY, "Sent less bytes than read to covert site (stream %d)\n", stream_id);
                     break;
                 }
             } else {
                 //Client closed the connection, we can delete this stream from the downstream queue
 
-                printf("Deleting stream %d from the downstream queue\n", stream_id);
+                DEBUG_MSG(DEBUG_PROXY, "Deleting stream %d from the downstream queue\n", stream_id);
 
                 sem_wait(&clnt->queue_lock);
 
@@ -739,8 +673,6 @@ static void *proxy_covert_site(void *data){
                 while(last != NULL){
                     if(last->stream_id == stream_id){
                         //remove block from queue
-                        printf("removing a block!\n");
-                        fflush(stdout);
                         if(last == downstream_queue->first_block){
                             downstream_queue->first_block = last->next;
                             free(last->data);
@@ -760,8 +692,7 @@ static void *proxy_covert_site(void *data){
                 }
 
                 sem_post(&clnt->queue_lock);
-                printf("Finished deleting from downstream queue\n");
-                fflush(stdout);
+                DEBUG_MSG(DEBUG_PROXY, "Finished deleting from downstream queue\n");
                 break;
             }
 
@@ -774,15 +705,8 @@ static void *proxy_covert_site(void *data){
             if(bytes_read > 0){
                 uint8_t *new_data = smalloc(bytes_read);
                 memcpy(new_data, buffer, bytes_read);
-#ifdef DEBUG_PROXY
-                printf("PROXY (id %d): read %d bytes from censored site\n",stream_id, bytes_read);
-                for(int i=0; i< bytes_read; i++){
-                    printf("%02x ", buffer[i]);
-                }
-                printf("\n");
-
-
-#endif
+                DEBUG_MSG(DEBUG_PROXY, "PROXY (id %d): read %d bytes from censored site\n",stream_id, bytes_read);
+                DEBUG_BYTES(DEBUG_PROXY, buffer, bytes_read);
 
                 //make a new queue block
                 queue_block *new_block = smalloc(sizeof(queue_block));
@@ -803,7 +727,7 @@ static void *proxy_covert_site(void *data){
                 }
                 sem_post(&clnt->queue_lock);
             } else {
-                printf("PROXY (id %d): read %d bytes from censored site\n",stream_id, bytes_read);
+                DEBUG_MSG(DEBUG_PROXY, "PROXY (id %d): read %d bytes from censored site\n",stream_id, bytes_read);
 
                 break;
             }
@@ -811,7 +735,7 @@ static void *proxy_covert_site(void *data){
         }
     }
 
-    printf("Closing connection for stream %d\n", stream_id);
+    DEBUG_MSG(DEBUG_PROXY, "Closing connection for stream %d\n", stream_id);
     //remove self from list 
     stream *last = streams->first;
     stream *prev = last;
@@ -930,14 +854,9 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
         } else { //new record
 
             if(remaining_packet_len < RECORD_HEADER_LEN){
-#ifdef DEBUG
-                printf("partial record header: \n");
-                for(int i= 0; i< remaining_packet_len; i++){
-                    printf("%02x ", p[i]);
-                }
-                printf("\n");
-                fflush(stdout);
-#endif
+                DEBUG_MSG(DEBUG_DOWN, "partial record header: \n");
+                DEBUG_BYTES(DEBUG_DOWN, p, remaining_packet_len);
+
                 f->partial_record_header = smalloc(RECORD_HEADER_LEN);
                 memcpy(f->partial_record_header, p, remaining_packet_len);
                 f->partial_record_header_len = remaining_packet_len;
@@ -956,29 +875,13 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
             }
             record_len = RECORD_LEN(record_hdr);
 
-#ifdef DEBUG_DOWN
-            fprintf(stdout,"Flow: %x > %x (%s)\n", info->ip_hdr->src.s_addr, info->ip_hdr->dst.s_addr, (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
-            fprintf(stdout,"ID number: %u\n", htonl(info->ip_hdr->id));
-            fprintf(stdout,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
-            fprintf(stdout,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
-            fprintf(stdout, "Record:\n");
-            for(int i=0; i< RECORD_HEADER_LEN; i++){
-                printf("%02x ", ((uint8_t *) record_hdr)[i]);
-            }
-            printf("\n");
-
-            printf("Text: ");
-            printf("%s", ((uint8_t *) record_hdr) + RECORD_HEADER_LEN);
-            printf("\n");
-
-            fflush(stdout);
-#endif
+            DEBUG_MSG(DEBUG_DOWN, "Record:\n");
+            DEBUG_BYTES(DEBUG_DOWN, ((uint8_t *) record_hdr), RECORD_HEADER_LEN);
 
             p += (RECORD_HEADER_LEN - f->partial_record_header_len);
             remaining_packet_len -= (RECORD_HEADER_LEN - f->partial_record_header_len);
 
 
-
             if(record_len > remaining_packet_len){
                 partial = 1;
 
@@ -997,13 +900,8 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
             memcpy(record_ptr, p, remaining_record_len); //points to the beginning of record data
         }
 
-#ifdef DEBUG_DOWN
-        printf("Received bytes (len %d)\n", remaining_record_len);
-        for(int i=0; i< remaining_record_len; i++){
-            printf("%02x ", p[i]);
-        }
-        printf("\n");
-#endif
+        DEBUG_MSG(DEBUG_DOWN, "Received bytes (len %d)\n", remaining_record_len);
+        DEBUG_BYTES(DEBUG_DOWN, p, remaining_record_len);
 
         record = p; // save location of original data
         p = record_ptr;
@@ -1015,13 +913,9 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
             //if we now have all of the record, decrypt full thing and check tag
             if(f->partial_record_len == f->partial_record_total_len){
 
-#ifdef DEBUG_DOWN
-                printf("Received full partial record (len=%d):\n", f->partial_record_len);
-                for(int i=0; i< f->partial_record_len; i ++){
-                    printf("%02x", record_ptr[i]);
-                }
-                printf("\n");
-#endif
+                DEBUG_MSG(DEBUG_DOWN, "Received full partial record (len=%d):\n", f->partial_record_len);
+                DEBUG_BYTES(DEBUG_DOWN, record_ptr, f->partial_record_len);
+
                 n = encrypt(f, record_ptr, record_ptr, f->partial_record_len, 1, 0x17, 0, 0);
                 if(n <= 0){
                     free(f->partial_record_dec);
@@ -1087,30 +981,17 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
         }
         changed = 1;
 
-#ifdef DEBUG_DOWN
-        printf("Decrypted new record\n");
-        printf("Bytes:\n");
-        for(int i=0; i< n; i++){
-            printf("%02x ", record_ptr[EVP_GCM_TLS_EXPLICIT_IV_LEN+i]);
-        }
-        printf("\n");
-        printf("Text:\n");
-        printf("%s\n", record_ptr+EVP_GCM_TLS_EXPLICIT_IV_LEN);
-
-        printf("Parseable text:\n");
-        printf("%s\n", p);
-        fflush(stdout);
-
-#endif
+        DEBUG_MSG(DEBUG_DOWN, "Decrypted new record:\n");
+        DEBUG_BYTES(DEBUG_DOWN, (record_ptr + EVP_GCM_TLS_EXPLICIT_IV_LEN), n);
+        DEBUG_MSG(DEBUG_DOWN, "Text:\n%s\n", record_ptr+EVP_GCM_TLS_EXPLICIT_IV_LEN);
+        DEBUG_MSG(DEBUG_DOWN, "Parseable text:\n%s\n", p);
 
         char *len_ptr, *needle;
 
         while(remaining_record_len > 0){
 
-#ifdef RESOURCE_DEBUG
-            printf("Current state (flow %p): %x\n", f, f->httpstate);
-            printf("Remaining record len: %d\n", remaining_record_len);
-#endif
+            DEBUG_MSG(DEBUG_DOWN, "Current state (flow %p): %x\n", f, f->httpstate);
+            DEBUG_MSG(DEBUG_DOWN, "Remaining record len: %d\n", remaining_record_len);
 
             switch(f->httpstate){
 
@@ -1126,9 +1007,8 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
                             c[0] = ' ';
                             c++;
                         }
-#ifdef RESOURCE_DEBUG
-                        printf("Found and replaced leaf header\n");
-#endif
+                        DEBUG_MSG(DEBUG_DOWN, "Found and replaced leaf header\n");
+
                     } else {
                         //check for video
                         len_ptr = strstr((const char *) p, "Content-Type: video/webm");
@@ -1159,14 +1039,11 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
                             f->httpstate = PARSE_HEADER;
                             remaining_record_len -= (((uint8_t *)len_ptr - p) + 4);
                             p = (uint8_t *) len_ptr + 4;
-#ifdef RESOURCE_DEBUG
-                            printf("Found a 304 not modified, waiting for next header\n");
-                            printf("Remaining record len: %d\n", remaining_record_len);
-#endif
+
+                            DEBUG_MSG(DEBUG_DOWN, "Found a 304 not modified, waiting for next header\n");
+                            DEBUG_MSG(DEBUG_DOWN, "Remaining record len: %d\n", remaining_record_len);
                         } else {
-#ifdef RESOURCE_DEBUG
-                            printf("Missing end of header. Sending to FORFEIT_REST (%p)\n", f);
-#endif
+                            DEBUG_MSG(DEBUG_DOWN, "Missing end of header. Sending to FORFEIT_REST (%p)\n", f);
                             f->httpstate = FORFEIT_REST;
                         }
 
@@ -1203,29 +1080,28 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
                         len_ptr = strstr((const char *) p, "Content-Length:");
                         if(len_ptr != NULL){
                             len_ptr += 15;
-                            f->remaining_response_len = strtol((const char *) len_ptr, NULL, 10);
-#ifdef RESOURCE_DEBUG
-                            printf("content-length: %d\n", f->remaining_response_len);
-#endif
+                            f->remaining_response_len =
+                                strtol((const char *) len_ptr, NULL, 10);
+
+                            DEBUG_MSG(DEBUG_DOWN, "content-length: %d\n",
+                                    f->remaining_response_len);
                             len_ptr = strstr((const char *) p, "\r\n\r\n");
                             if(len_ptr != NULL){
                                 f->httpstate = MID_CONTENT;
                                 remaining_record_len -= (((uint8_t *)len_ptr - p) + 4);
                                 p = (uint8_t *) len_ptr + 4;
-#ifdef RESOURCE_DEBUG
-                                printf("Remaining record len: %d\n", remaining_record_len);
-#endif
+
+                                DEBUG_MSG(DEBUG_DOWN, "Remaining record len: %d\n",
+                                        remaining_record_len);
                             } else {
                                 remaining_record_len = 0;
-#ifdef RESOURCE_DEBUG
-                                printf("Missing end of header. Sending to FORFEIT_REST (%p)\n", f);
-#endif
+                                DEBUG_MSG(DEBUG_DOWN, "Missing end of header. Sending to FORFEIT_REST (%p)\n", f);
+
                                 f->httpstate = FORFEIT_REST;
                             }
                         } else {
-#ifdef RESOURCE_DEBUG
-                            printf("No content length of transfer encoding field, sending to FORFEIT_REST (%p)\n", f);
-#endif
+                            DEBUG_MSG(DEBUG_DOWN, "No content length of transfer encoding field, sending to FORFEIT_REST (%p)\n", f);
+
                             f->httpstate = FORFEIT_REST;
                             remaining_record_len = 0;
                         }
@@ -1239,13 +1115,8 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
                         if(f->replace_response){
                             fill_with_downstream(f, p, remaining_record_len);
 
-#ifdef DEBUG_DOWN
-                            printf("Replaced with:\n");
-                            for(int i=0; i< remaining_record_len; i++){
-                                printf("%02x ", p[i]);
-                            }
-                            printf("\n");
-#endif
+                            DEBUG_MSG(DEBUG_DOWN, "Replaced leaf with:\n");
+                            DEBUG_BYTES(DEBUG_DOWN, p, remaining_record_len);
                         }
 
                         f->remaining_response_len -= remaining_record_len;
@@ -1257,20 +1128,13 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
                         if(f->replace_response){
                             fill_with_downstream(f, p, remaining_record_len);
 
-#ifdef DEBUG_DOWN
-                            printf("Replaced with:\n");
-                            for(int i=0; i< remaining_record_len; i++){
-                                printf("%02x ", p[i]);
-                            }
-                            printf("\n");
-#endif
+                            DEBUG_MSG(DEBUG_DOWN, "Replaced leaf with:\n");
+                            DEBUG_BYTES(DEBUG_DOWN, p, remaining_record_len);
                         }
                         remaining_record_len -= f->remaining_response_len;
                         p += f->remaining_response_len;
 
-#ifdef DEBUG_DOWN
-                        printf("Change state %x --> PARSE_HEADER (%p)\n", f->httpstate, f);
-#endif
+                        DEBUG_MSG(DEBUG_DOWN, "Change state %x --> PARSE_HEADER (%p)\n", f->httpstate, f);
                         f->httpstate = PARSE_HEADER;
                         f->remaining_response_len = 0;
                     }
@@ -1279,9 +1143,7 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
                 case BEGIN_CHUNK:
                     {
                         int32_t chunk_size = strtol((const char *) p, NULL, 16);
-#ifdef RESOURCE_DEBUG
-                        printf("BEGIN_CHUNK: chunk size is %d\n", chunk_size);
-#endif
+                        DEBUG_MSG(DEBUG_DOWN, "BEGIN_CHUNK: chunk size is %d\n", chunk_size);
                         if(chunk_size == 0){
                             f->httpstate = END_BODY;
                         } else {
@@ -1294,9 +1156,7 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
                             p = (uint8_t *) needle + 2;
                         } else {
                             remaining_record_len = 0;
-#ifdef RESOURCE_DEBUG
-                            printf("Error parsing in BEGIN_CHUNK, FORFEIT (%p)\n", f);
-#endif
+                            DEBUG_MSG(DEBUG_DOWN, "Error parsing in BEGIN_CHUNK, FORFEIT (%p)\n", f);
                             f->httpstate = FORFEIT_REST;
                         }
                     }
@@ -1307,13 +1167,8 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
                         if(f->replace_response){
                             fill_with_downstream(f, p, remaining_record_len);
 
-#ifdef DEBUG_DOWN
-                            printf("Replaced with:\n");
-                            for(int i=0; i< remaining_record_len; i++){
-                                printf("%02x ", p[i]);
-                            }
-                            printf("\n");
-#endif
+                            DEBUG_MSG(DEBUG_DOWN, "Replaced leaf with:\n");
+                            DEBUG_BYTES(DEBUG_DOWN, p, remaining_record_len);
                         }
                         f->remaining_response_len -= remaining_record_len;
                         p += remaining_record_len;
@@ -1323,13 +1178,8 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
                         if(f->replace_response){
                             fill_with_downstream(f, p, f->remaining_response_len);
 
-#ifdef DEBUG_DOWN
-                            printf("Replaced with:\n");
-                            for(int i=0; i< f->remaining_response_len; i++){
-                                printf("%02x ", p[i]);
-                            }
-                            printf("\n");
-#endif
+                            DEBUG_MSG(DEBUG_DOWN, "Replaced leaf with:\n");
+                            DEBUG_BYTES(DEBUG_DOWN, p, f->remaining_response_len);
                         }
                         remaining_record_len -= f->remaining_response_len;
                         p += f->remaining_response_len;
@@ -1377,19 +1227,11 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
             }
         }
 
-#ifdef DEBUG_DOWN
         if(changed && f->replace_response){
-            printf("Resource is now\n");
-            printf("Bytes:\n");
-            for(int i=0; i< n; i++){
-                printf("%02x ", record_ptr[EVP_GCM_TLS_EXPLICIT_IV_LEN+i]);
-            }
-            printf("\n");
-            printf("Text:\n");
-            printf("%s\n", record_ptr+EVP_GCM_TLS_EXPLICIT_IV_LEN);
-            fflush(stdout);
+            DEBUG_MSG(DEBUG_DOWN, "Resource is now:\n");
+            DEBUG_BYTES(DEBUG_DOWN, (record_ptr + EVP_GCM_TLS_EXPLICIT_IV_LEN), n);
+            DEBUG_MSG(DEBUG_DOWN, "Text:\n%s\n", record_ptr+EVP_GCM_TLS_EXPLICIT_IV_LEN);
         }
-#endif
 
         if(partial){
             //partially encrypting data
@@ -1405,26 +1247,18 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
                 free(record_ptr);
                 return 0;
             }
-#ifdef DEBUG_DOWN
-            printf("Partially encrypted bytes:\n");
-            for(int i=0; i < n + EVP_GCM_TLS_EXPLICIT_IV_LEN; i++){
-                printf("%02x ", record_ptr[i]);
-            }
-            printf("\n");
-#endif
+
+            DEBUG_MSG(DEBUG_DOWN, "Partially encrypted bytes:\n");
+            DEBUG_BYTES(DEBUG_DOWN, record_ptr, n + EVP_GCM_TLS_EXPLICIT_IV_LEN);
 
             //if we received all of the partial packet, add tag and release it
             if (f->partial_record_len == f->partial_record_total_len){
 
                 //compute tag
-#ifdef DEBUG_DOWN
                 partial_aes_gcm_tls_tag(f, record_ptr + n + EVP_GCM_TLS_EXPLICIT_IV_LEN, n);
-                printf("tag: (%d bytes)\n", EVP_GCM_TLS_TAG_LEN);
-                for(int i=0; i< EVP_GCM_TLS_TAG_LEN; i++){
-                    printf("%02x ", record_ptr[n + EVP_GCM_TLS_EXPLICIT_IV_LEN+i]);
-                }
-                printf("\n");
-#endif
+                DEBUG_MSG(DEBUG_DOWN, "finished partial tag: (%d bytes)\n", EVP_GCM_TLS_TAG_LEN);
+                DEBUG_BYTES(DEBUG_DOWN, (record_ptr + n + EVP_GCM_TLS_EXPLICIT_IV_LEN),
+                        EVP_GCM_TLS_TAG_LEN);
 
                 if(false_tag){//tag on original record was incorrect O.o add incorrect tag
 
@@ -1465,18 +1299,6 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
             p = record_ptr;
         }
 
-#ifdef DEBUG_DOWN2
-        fprintf(stdout,"Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
-        fprintf(stdout,"ID number: %u\n", htonl(info->ip_hdr->id));
-        fprintf(stdout,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
-        fprintf(stdout,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
-        printf("New ciphertext bytes:\n");
-        for(int i=0; i< n; i++){
-            printf("%02x ", record_ptr[i]);
-        }
-        printf("\n");
-#endif
-
         //Copy changed temporary data to original packet
         memcpy(record, p, record_len);
 
@@ -1509,7 +1331,6 @@ static int process_downstream(flow *f, int32_t offset, struct packet_info *info)
  */
 static int fill_with_downstream(flow *f, uint8_t *data, int32_t length){
 
-    printf("In fill_with_ds\n");
     uint8_t *p = data;
     int32_t remaining = length;
     struct slitheen_header *sl_hdr;
@@ -1538,12 +1359,6 @@ static int fill_with_downstream(flow *f, uint8_t *data, int32_t length){
         int32_t block_length = first_block->len;
         int32_t offset = first_block->offset;
 
-#ifdef DEBUG
-        printf("Censored queue is at %p.\n", first_block);
-        printf("This block has %d bytes left\n", block_length - offset);
-        printf("We need %d bytes\n", remaining - SLITHEEN_HEADER_LEN);
-#endif
-
         uint8_t *encrypted_data = p;
         sl_hdr = (struct slitheen_header *) p;
         sl_hdr->counter = ++(client_ptr->encryption_counter);
@@ -1609,18 +1424,10 @@ static int fill_with_downstream(flow *f, uint8_t *data, int32_t length){
         super_encrypt(client_ptr, encrypted_data, data_len + padding);
 
 
-#ifdef DEBUG_DOWN
-        printf("DWNSTRM: slitheen header: ");
-        for(int i=0; i< SLITHEEN_HEADER_LEN; i++){
-            printf("%02x ",((uint8_t *) sl_hdr)[i]);
-        }
-        printf("\n");
-        printf("Sending %d downstream bytes:", data_len);
-        for(int i=0; i< data_len+16+16; i++){
-            printf("%02x ", ((uint8_t *) sl_hdr)[i+SLITHEEN_HEADER_LEN]);
-        }
-        printf("\n");
-#endif
+        DEBUG_MSG(DEBUG_DOWN, "DWNSTRM: slitheen header: ");
+        DEBUG_BYTES(DEBUG_DOWN, ((uint8_t *) sl_hdr), SLITHEEN_HEADER_LEN);
+        DEBUG_MSG(DEBUG_DOWN, "Sending %d downstream bytes:", data_len);
+        DEBUG_BYTES(DEBUG_DOWN, (((uint8_t *) sl_hdr) + SLITHEEN_HEADER_LEN), data_len+16+16);
     }
     //now, if we need more data, fill with garbage
     if(remaining >= SLITHEEN_HEADER_LEN ){
@@ -1633,13 +1440,8 @@ static int fill_with_downstream(flow *f, uint8_t *data, int32_t length){
         sl_hdr->garbage = htons(remaining);
         sl_hdr->zeros = 0x0000;
 
-#ifdef DEBUG_DOWN
-        printf("DWNSTRM: slitheen header: ");
-        for(int i=0; i< SLITHEEN_HEADER_LEN; i++){
-            printf("%02x ", p[i]);
-        }
-        printf("\n");
-#endif
+        DEBUG_MSG(DEBUG_DOWN, "DWNSTRM: slitheen header: ");
+        DEBUG_BYTES(DEBUG_DOWN, p, SLITHEEN_HEADER_LEN);
 
         //encrypt slitheen header
         super_encrypt(client_ptr, p, 0);

relay_station/slitheen.c

@@ -111,7 +111,7 @@ void *sniff_packets(void *args){
     pcap_t *wr_handle;
     char rd_errbuf[BUFSIZ];
     char wr_errbuf[BUFSIZ];
-    uint8_t MAC[ETHER_ADDR_LEN];
+    uint8_t mac[ETHER_ADDR_LEN];
     bpf_u_int32 mask;
     bpf_u_int32 net;
 
@@ -125,7 +125,7 @@ void *sniff_packets(void *args){
     int s = socket(AF_INET, SOCK_DGRAM, 0);
     strcpy(ifr.ifr_name, writedev);
     ioctl(s, SIOCGIFHWADDR, &ifr);
-    memcpy(MAC, ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN);
+    memcpy(mac, ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN);
     close(s);
 
     if (pcap_lookupnet(readdev, &net, &mask, rd_errbuf) == -1){
@@ -154,7 +154,7 @@ void *sniff_packets(void *args){
     }
 
     struct inject_args iargs;
-    iargs.mac_addr = MAC;
+    iargs.mac_addr = mac;
     iargs.write_dev = wr_handle;
 
 
@@ -211,20 +211,17 @@ void process_packet(struct inject_args *iargs, const struct pcap_pkthdr *header,
     flow *observed;
     if((observed = check_flow(info)) != NULL){
 
-#ifdef DEBUG
         /*Check sequence number and replay application data if necessary*/
-        fprintf(stdout,"Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != observed->src_ip.s_addr)? "incoming":"outgoing");
-        fprintf(stdout,"ID number: %u\n", htonl(info->ip_hdr->id));
-        fprintf(stdout,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
-        fprintf(stdout,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
-#endif
+        DEBUG_MSG(DEBUG_FLOW, "Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != observed->src_ip.s_addr)? "incoming":"outgoing");
+        DEBUG_MSG(DEBUG_FLOW, "ID number: %u\n", htonl(info->ip_hdr->id));
+        DEBUG_MSG(DEBUG_FLOW, "Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
+        DEBUG_MSG(DEBUG_FLOW, "Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
 
         uint8_t incoming = (info->ip_hdr->src.s_addr != observed->src_ip.s_addr)? 1 : 0;
         uint32_t seq_num = htonl(info->tcp_hdr->sequence_num);
         uint32_t expected_seq = (incoming)? observed->downstream_seq_num : observed->upstream_seq_num;
-#ifdef DEBUG
-        fprintf(stdout,"Expected sequence number: %u\n", expected_seq);
-#endif
+
+        DEBUG_MSG(DEBUG_FLOW, "Expected sequence number: %u\n", expected_seq);
 
         /* Remove acknowledged data from queue after TCP window is exceeded */
         update_window_expiration(observed, info);
@@ -388,20 +385,18 @@ void save_packet(flow *f, struct packet_info *info){
             if(new_block->seq_num ==
                     f->downstream_seq_num){
                 f->downstream_seq_num += new_block->len;
-#ifdef DEBUG
-                printf("Updated downstream expected seqnum to %u\n",
+
+                DEBUG_MSG(DEBUG_FLOW, "Updated downstream expected seqnum to %u\n",
                         f->downstream_seq_num );
-#endif
             }
         } else {
             f->upstream_app_data->first_packet = new_block;
             if(new_block->seq_num ==
                     f->upstream_seq_num){
                 f->upstream_seq_num += new_block->len;
-#ifdef DEBUG
-                printf("Updated upstream expected seqnum to %u\n",
+
+                DEBUG_MSG(DEBUG_FLOW, "Updated upstream expected seqnum to %u\n",
                         f->upstream_seq_num );
-#endif
             }
         }
 
@@ -419,19 +414,15 @@ void save_packet(flow *f, struct packet_info *info){
                 if(saved_data->next->seq_num ==
                         f->downstream_seq_num){
                     f->downstream_seq_num += saved_data->next->len;
-#ifdef DEBUG
-                    printf("Updated downstream expected seqnum to %u\n",
+                    DEBUG_MSG(DEBUG_FLOW, "Updated downstream expected seqnum to %u\n",
                             f->downstream_seq_num );
-#endif
                 }
             } else {//outgoing
                 if(saved_data->next->seq_num ==
                         f->upstream_seq_num){
                     f->upstream_seq_num += saved_data->next->len;
-#ifdef DEBUG
-                    printf("Updated upstream expected seqnum to %u\n",
+                    DEBUG_MSG(DEBUG_FLOW, "Updated upstream expected seqnum to %u\n",
                             f->upstream_seq_num );
-#endif
                 }
             }
 
@@ -445,19 +436,15 @@ void save_packet(flow *f, struct packet_info *info){
                 if(saved_data->next->seq_num ==
                         f->downstream_seq_num){
                     f->downstream_seq_num += saved_data->next->len;
-#ifdef DEBUG
-                    printf("Updated downstream expected seqnum to %u\n",
+                    DEBUG_MSG(DEBUG_FLOW, "Updated downstream expected seqnum to %u\n",
                             f->downstream_seq_num );
-#endif
                 }
             } else {//outgoing
                 if(saved_data->next->seq_num ==
                         f->upstream_seq_num){
                     f->upstream_seq_num += saved_data->next->len;
-#ifdef DEBUG
-                    printf("Updated upstream expected seqnum to %u\n",
+                    DEBUG_MSG(DEBUG_FLOW, "Updated upstream expected seqnum to %u\n",
                             f->upstream_seq_num );
-#endif
                 }
             }
 
@@ -478,11 +465,9 @@ void update_window_expiration(flow *f, struct packet_info *info){
     uint32_t end_seq = htonl(info->tcp_hdr->sequence_num) + info->app_data_len - 1;
     uint32_t window = ack_num + htons(info->tcp_hdr->win_size);
 
-#ifdef DEBUG
-    printf("Received sequence number %u\n", htonl(info->tcp_hdr->sequence_num));
-    printf("Acknowledged up to %u with window expiring at %u\n", ack_num, window);
-    printf("Removing all packets up to %u\n", end_seq);
-#endif
+    DEBUG_MSG(DEBUG_FLOW, "Received sequence number %u\n", htonl(info->tcp_hdr->sequence_num));
+    DEBUG_MSG(DEBUG_FLOW, "Acknowledged up to %u with window expiring at %u\n", ack_num, window);
+    DEBUG_MSG(DEBUG_FLOW, "Removing all packets up to %u\n", end_seq);
 
     packet *saved_data = (incoming)? f->downstream_app_data->first_packet :
         f->upstream_app_data->first_packet;
@@ -499,13 +484,11 @@ void update_window_expiration(flow *f, struct packet_info *info){
         saved_data = (incoming)? f->downstream_app_data->first_packet :
             f->upstream_app_data->first_packet;
 
-#ifdef DEBUG
         if(saved_data != NULL){
-            printf("Currently saved seq_num is now %u\n", saved_data->seq_num);
+            DEBUG_MSG(DEBUG_FLOW, "Currently saved seq_num is now %u\n", saved_data->seq_num);
         } else {
-            printf("Acked all data, queue is empty\n");
+            DEBUG_MSG(DEBUG_FLOW, "Acked all data, queue is empty\n");
         }
-#endif
 
     }
 

relay_station/util.h

@@ -35,6 +35,57 @@
 #include <stddef.h>
 #include <stdint.h>
 
+/* Defined debugging types */
+#ifdef DEBUG_HS
+#define DEBUG_HS 1
+#else
+#define DEBUG_HS 0
+#endif
+
+#ifdef DEBUG_CRYPTO
+#define DEBUG_CRYPTO 1
+#else
+#define DEBUG_CRYPTO 0
+#endif
+
+#ifdef DEBUG_FLOW
+#define DEBUG_FLOW 1
+#else
+#define DEBUG_FLOW 0
+#endif
+
+#ifdef DEBUG_UP
+#define DEBUG_UP 1
+#else
+#define DEBUG_UP 0
+#endif
+
+#ifdef DEBUG_PROXY
+#define DEBUG_PROXY 1
+#else
+#define DEBUG_PROXY 0
+#endif
+
+#ifdef DEBUG_DOWN
+#define DEBUG_DOWN 1
+#else
+#define DEBUG_DOWN 0
+#endif
+
+/* Debugging macros */
+#define DEBUG_MSG(type, ...) \
+    do { \
+        if(type) printf(__VA_ARGS__); \
+    } while(0)
+
+#define DEBUG_BYTES(type, ptr, len) \
+    do { \
+        if(type) { \
+            for(int i=0; i < len; i++) printf("%02x ", ptr[i]); \
+            printf("\n"); \
+        } \
+    } while(0)
+
 void *smalloc(size_t size);
 void *scalloc(size_t nmemb, size_t size);