From a7a19b03bfde9b44e23c199af5d3ecdf1f9ab996 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Fri, 15 Feb 2019 09:19:11 +0100
Subject: ssl: Add debug logging for DTLS

Change-Id: I4858972053436b05b83d72c552974fc9da3843d4
---
 lib/ssl/src/dtls_record.erl | 40 +++++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 17 deletions(-)

(limited to 'lib/ssl/src/dtls_record.erl')

diff --git a/lib/ssl/src/dtls_record.erl b/lib/ssl/src/dtls_record.erl
index 2fe875da31..a4846f42c5 100644
--- a/lib/ssl/src/dtls_record.erl
+++ b/lib/ssl/src/dtls_record.erl
@@ -30,7 +30,7 @@
 -include("ssl_cipher.hrl").
 
 %% Handling of incoming data
--export([get_dtls_records/3,  init_connection_states/2, empty_connection_state/1]).
+-export([get_dtls_records/4,  init_connection_states/2, empty_connection_state/1]).
 
 -export([save_current_connection_state/2, next_epoch/2, get_connection_state_by_epoch/3, replay_detect/2,
          init_connection_state_seq/2, current_connection_state_epoch/2]).
@@ -162,24 +162,25 @@ current_connection_state_epoch(#{current_write := #{epoch := Epoch}},
     Epoch.
 
 %%--------------------------------------------------------------------
--spec get_dtls_records(binary(), [ssl_record:ssl_version()], binary()) -> {[binary()], binary()} | #alert{}.
+-spec get_dtls_records(binary(), [ssl_record:ssl_version()], binary(),
+                       #ssl_options{}) -> {[binary()], binary()} | #alert{}.
 %%
 %% Description: Given old buffer and new data from UDP/SCTP, packs up a records
 %% and returns it as a list of tls_compressed binaries also returns leftover
 %% data
 %%--------------------------------------------------------------------
-get_dtls_records(Data, Versions, Buffer) ->
+get_dtls_records(Data, Versions, Buffer, SslOpts) ->
     BinData = list_to_binary([Buffer, Data]),
     case erlang:byte_size(BinData) of
         N when N >= 3 ->
             case assert_version(BinData, Versions) of
                 true ->
-                    get_dtls_records_aux(BinData, []);
+                    get_dtls_records_aux(BinData, [], SslOpts);
                 false ->
                     ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC)
             end;
         _ ->
-            get_dtls_records_aux(BinData, [])
+            get_dtls_records_aux(BinData, [], SslOpts)
     end.
 
 %%====================================================================
@@ -409,42 +410,47 @@ assert_version(<<?BYTE(_), ?BYTE(MajVer), ?BYTE(MinVer), _/binary>>, Versions) -
 
 get_dtls_records_aux(<<?BYTE(?APPLICATION_DATA),?BYTE(MajVer),?BYTE(MinVer),
 		       ?UINT16(Epoch), ?UINT48(SequenceNumber),
-		       ?UINT16(Length), Data:Length/binary, Rest/binary>>,
-		     Acc) ->
+		       ?UINT16(Length), Data:Length/binary, Rest/binary>> = RawDTLSRecord,
+		     Acc, SslOpts) ->
+    ssl_logger:debug(SslOpts#ssl_options.log_level, inbound, 'record', [RawDTLSRecord]),
     get_dtls_records_aux(Rest, [#ssl_tls{type = ?APPLICATION_DATA,
 					 version = {MajVer, MinVer},
 					 epoch = Epoch, sequence_number = SequenceNumber,
-					 fragment = Data} | Acc]);
+					 fragment = Data} | Acc], SslOpts);
 get_dtls_records_aux(<<?BYTE(?HANDSHAKE),?BYTE(MajVer),?BYTE(MinVer),
 		       ?UINT16(Epoch), ?UINT48(SequenceNumber),
 		       ?UINT16(Length),
-		       Data:Length/binary, Rest/binary>>, Acc) when MajVer >= 128 ->
+		       Data:Length/binary, Rest/binary>> = RawDTLSRecord,
+                     Acc, SslOpts) when MajVer >= 128 ->
+    ssl_logger:debug(SslOpts#ssl_options.log_level, inbound, 'record', [RawDTLSRecord]),
     get_dtls_records_aux(Rest, [#ssl_tls{type = ?HANDSHAKE,
 					 version = {MajVer, MinVer},
 					 epoch = Epoch, sequence_number = SequenceNumber,
-					 fragment = Data} | Acc]);
+					 fragment = Data} | Acc], SslOpts);
 get_dtls_records_aux(<<?BYTE(?ALERT),?BYTE(MajVer),?BYTE(MinVer),
 		       ?UINT16(Epoch), ?UINT48(SequenceNumber),
 		       ?UINT16(Length), Data:Length/binary,
-		       Rest/binary>>, Acc) ->
+		       Rest/binary>> = RawDTLSRecord, Acc, SslOpts) ->
+    ssl_logger:debug(SslOpts#ssl_options.log_level, inbound, 'record', [RawDTLSRecord]),
     get_dtls_records_aux(Rest, [#ssl_tls{type = ?ALERT,
 					 version = {MajVer, MinVer},
 					 epoch = Epoch, sequence_number = SequenceNumber,
-					 fragment = Data} | Acc]);
+					 fragment = Data} | Acc], SslOpts);
 get_dtls_records_aux(<<?BYTE(?CHANGE_CIPHER_SPEC),?BYTE(MajVer),?BYTE(MinVer),
 		       ?UINT16(Epoch), ?UINT48(SequenceNumber),
-		       ?UINT16(Length), Data:Length/binary, Rest/binary>>,
-		     Acc) ->
+		       ?UINT16(Length), Data:Length/binary, Rest/binary>> = RawDTLSRecord,
+		     Acc, SslOpts) ->
+    ssl_logger:debug(SslOpts#ssl_options.log_level, inbound, 'record', [RawDTLSRecord]),
     get_dtls_records_aux(Rest, [#ssl_tls{type = ?CHANGE_CIPHER_SPEC,
 					 version = {MajVer, MinVer},
 					 epoch = Epoch, sequence_number = SequenceNumber,
-					 fragment = Data} | Acc]);
+					 fragment = Data} | Acc], SslOpts);
 get_dtls_records_aux(<<?BYTE(_), ?BYTE(_MajVer), ?BYTE(_MinVer),
 		       ?UINT16(Length), _/binary>>,
-		     _Acc) when Length > ?MAX_CIPHER_TEXT_LENGTH ->
+		     _Acc, _) when Length > ?MAX_CIPHER_TEXT_LENGTH ->
     ?ALERT_REC(?FATAL, ?RECORD_OVERFLOW);
 
-get_dtls_records_aux(Data, Acc) ->
+get_dtls_records_aux(Data, Acc, _) ->
     case size(Data) =< ?MAX_CIPHER_TEXT_LENGTH + ?INITIAL_BYTES of
 	true ->
 	    {lists:reverse(Acc), Data};
-- 
cgit v1.2.3