diff options
author | Reynir Björnsson | 2023-10-26 16:55:32 +0200 |
---|---|---|
committer | Gert Doering | 2023-11-20 14:45:21 +0100 |
commit | 227799b8345128dd3adf2029323457804209fe93 (patch) | |
tree | 45e963aa738d581450eeab2dafe9bc0d453a3cdf /src/openvpn/openvpn.h | |
parent | b5faf1b2e90fd44c5137a2b8f3da98c7ae482fc1 (diff) | |
download | openvpn-227799b8345128dd3adf2029323457804209fe93.zip openvpn-227799b8345128dd3adf2029323457804209fe93.tar.gz |
protocol_dump: tls-crypt support
Add support for tls-crypt packets in protocol_dump(). Currently,
protocol_dump() will print garbage for tls-crypt packets.
This patch makes protocol_dump print the clear text parts of the packet such
as the auth tag and replay packet id. It does not try to print the wKc for
HARD_RESET_CLIENT_V3 or CONTROL_WKC_V1 packets. It also intentionally
does not print ENCRYPTED placeholders for ack list and DATA, to cut down
on the noise.
Signed-off-by: Reynir Björnsson <reynir@reynir.dk>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <8237adde-2523-9e48-5cd4-070463887dc1@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27310.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/openvpn.h')
-rw-r--r-- | src/openvpn/openvpn.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 5b2be63..dabc5be 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -541,7 +541,8 @@ struct context #define PROTO_DUMP(buf, gc) protocol_dump((buf), \ PROTO_DUMP_FLAGS \ |(c->c2.tls_multi ? PD_TLS : 0) \ - |(c->options.tls_auth_file ? md_kt_size(c->c1.ks.key_type.digest) : 0), \ + |(c->options.tls_auth_file ? md_kt_size(c->c1.ks.key_type.digest) : 0) \ + |(c->options.tls_crypt_file || c->options.tls_crypt_v2_file ? PD_TLS_CRYPT : 0), \ gc) /* this represents "disabled peer-id" */ |