Loading debian/changelog +7 −0 Original line number Diff line number Diff line libnetplus (20260403+2) unstable; urgency=medium * Add client-side handshake debug logging: Initial/Handshake decrypt status, TLS message flow (ServerHello, EncryptedExtensions, etc.) -- Jan Koester <jan.koester@tuxist.de> Fri, 04 Apr 2026 02:00:00 +0200 libnetplus (20260403+1) unstable; urgency=medium * Add udp::sendTo() method for unconnected socket sends Loading src/quic.cpp +36 −3 Original line number Diff line number Diff line Loading @@ -1633,9 +1633,15 @@ void quic::processInitialPacket(const uint8_t* data, size_t len) { // Initial packets always use AES-128 - use actual packet_len, not full datagram len if (!unprotectPacket(data, packet_len, header, payload, pn, key, iv, hp, true)) { QUIC_DBG("processInitialPacket: decrypt FAILED"); if (!_is_server) { std::cerr << "[QUIC-client] Initial decrypt FAILED len=" << packet_len << std::endl; } return; } QUIC_DBG("processInitialPacket: decrypt OK pn=%lu payload=%zu", (unsigned long)pn, payload.size()); if (!_is_server) { std::cerr << "[QUIC-client] Initial decrypt OK pn=" << pn << " payload=" << payload.size() << std::endl; } // Update largest received packet number if (pn > _initial_pn_recv) { Loading Loading @@ -1698,9 +1704,16 @@ void quic::processHandshakePacket(const uint8_t* data, size_t len) { // Handshake packets use the negotiated cipher - use actual packet_len if (!unprotectPacket(data, packet_len, header, payload, pn, key, iv, hp, false)) { QUIC_DBG("processHandshakePacket: decrypt FAILED"); if (!_is_server) { std::cerr << "[QUIC-client] Handshake decrypt FAILED len=" << packet_len << " cipher=0x" << std::hex << _selected_cipher << std::dec << std::endl; } return; } QUIC_DBG("processHandshakePacket: decrypt OK pn=%lu payload=%zu", (unsigned long)pn, payload.size()); if (!_is_server) { std::cerr << "[QUIC-client] Handshake decrypt OK pn=" << pn << " payload=" << payload.size() << std::endl; } if (pn > _handshake_pn_recv) { Loading Loading @@ -2376,9 +2389,14 @@ void quic::completeHandshake() { size_t recv_len = udp::recvData(recv_buf_wrapper, MSG_DONTWAIT); if (recv_len > 0) { recv_got++; std::cerr << "[QUIC-client] recv " << recv_len << " bytes (attempt " << recv_attempts << ")" << std::endl; processIncomingPacket(reinterpret_cast<const uint8_t*>(recv_buf_wrapper.data.buf), recv_len); const uint8_t* pkt = reinterpret_cast<const uint8_t*>(recv_buf_wrapper.data.buf); std::cerr << "[QUIC-client] recv " << recv_len << " bytes (attempt " << recv_attempts << ") first_byte=0x" << std::hex << (int)pkt[0] << std::dec << " conn_state=" << (int)_conn_state.load() << " hs_complete=" << _handshake_complete << std::endl; processIncomingPacket(pkt, recv_len); std::cerr << "[QUIC-client] after process: conn_state=" << (int)_conn_state.load() << " hs_complete=" << _handshake_complete << std::endl; } } catch (NetException& e) { if (e.getErrorType() != NetException::Note) { Loading Loading @@ -3864,27 +3882,42 @@ void quic::processTLSMessages() { switch (msg_type) { case 0x02: // ServerHello if (!_is_server) { std::cerr << "[QUIC-client] TLS ServerHello received, len=" << msg.size() << std::endl; } // Add to transcript (client receiving from server) _tls_transcript.insert(_tls_transcript.end(), msg.begin(), msg.end()); processServerHello(msg); break; case 0x08: // EncryptedExtensions if (!_is_server) { std::cerr << "[QUIC-client] TLS EncryptedExtensions received" << std::endl; } // Add to transcript (client receiving from server) _tls_transcript.insert(_tls_transcript.end(), msg.begin(), msg.end()); // Parse transport parameters (flow control limits, etc.) processEncryptedExtensions(msg); break; case 0x0b: // Certificate if (!_is_server) { std::cerr << "[QUIC-client] TLS Certificate received" << std::endl; } // Add to transcript (client receiving from server) _tls_transcript.insert(_tls_transcript.end(), msg.begin(), msg.end()); // Verify server certificate (simplified) break; case 0x0f: // CertificateVerify if (!_is_server) { std::cerr << "[QUIC-client] TLS CertificateVerify received" << std::endl; } // Add to transcript (client receiving from server) _tls_transcript.insert(_tls_transcript.end(), msg.begin(), msg.end()); // Verify signature (simplified) break; case 0x14: // Finished if (!_is_server) { std::cerr << "[QUIC-client] TLS Finished received" << std::endl; } processFinished(msg); // Clear transcript after Finished is processed // Transcript is no longer needed after handshake completion Loading Loading
debian/changelog +7 −0 Original line number Diff line number Diff line libnetplus (20260403+2) unstable; urgency=medium * Add client-side handshake debug logging: Initial/Handshake decrypt status, TLS message flow (ServerHello, EncryptedExtensions, etc.) -- Jan Koester <jan.koester@tuxist.de> Fri, 04 Apr 2026 02:00:00 +0200 libnetplus (20260403+1) unstable; urgency=medium * Add udp::sendTo() method for unconnected socket sends Loading
src/quic.cpp +36 −3 Original line number Diff line number Diff line Loading @@ -1633,9 +1633,15 @@ void quic::processInitialPacket(const uint8_t* data, size_t len) { // Initial packets always use AES-128 - use actual packet_len, not full datagram len if (!unprotectPacket(data, packet_len, header, payload, pn, key, iv, hp, true)) { QUIC_DBG("processInitialPacket: decrypt FAILED"); if (!_is_server) { std::cerr << "[QUIC-client] Initial decrypt FAILED len=" << packet_len << std::endl; } return; } QUIC_DBG("processInitialPacket: decrypt OK pn=%lu payload=%zu", (unsigned long)pn, payload.size()); if (!_is_server) { std::cerr << "[QUIC-client] Initial decrypt OK pn=" << pn << " payload=" << payload.size() << std::endl; } // Update largest received packet number if (pn > _initial_pn_recv) { Loading Loading @@ -1698,9 +1704,16 @@ void quic::processHandshakePacket(const uint8_t* data, size_t len) { // Handshake packets use the negotiated cipher - use actual packet_len if (!unprotectPacket(data, packet_len, header, payload, pn, key, iv, hp, false)) { QUIC_DBG("processHandshakePacket: decrypt FAILED"); if (!_is_server) { std::cerr << "[QUIC-client] Handshake decrypt FAILED len=" << packet_len << " cipher=0x" << std::hex << _selected_cipher << std::dec << std::endl; } return; } QUIC_DBG("processHandshakePacket: decrypt OK pn=%lu payload=%zu", (unsigned long)pn, payload.size()); if (!_is_server) { std::cerr << "[QUIC-client] Handshake decrypt OK pn=" << pn << " payload=" << payload.size() << std::endl; } if (pn > _handshake_pn_recv) { Loading Loading @@ -2376,9 +2389,14 @@ void quic::completeHandshake() { size_t recv_len = udp::recvData(recv_buf_wrapper, MSG_DONTWAIT); if (recv_len > 0) { recv_got++; std::cerr << "[QUIC-client] recv " << recv_len << " bytes (attempt " << recv_attempts << ")" << std::endl; processIncomingPacket(reinterpret_cast<const uint8_t*>(recv_buf_wrapper.data.buf), recv_len); const uint8_t* pkt = reinterpret_cast<const uint8_t*>(recv_buf_wrapper.data.buf); std::cerr << "[QUIC-client] recv " << recv_len << " bytes (attempt " << recv_attempts << ") first_byte=0x" << std::hex << (int)pkt[0] << std::dec << " conn_state=" << (int)_conn_state.load() << " hs_complete=" << _handshake_complete << std::endl; processIncomingPacket(pkt, recv_len); std::cerr << "[QUIC-client] after process: conn_state=" << (int)_conn_state.load() << " hs_complete=" << _handshake_complete << std::endl; } } catch (NetException& e) { if (e.getErrorType() != NetException::Note) { Loading Loading @@ -3864,27 +3882,42 @@ void quic::processTLSMessages() { switch (msg_type) { case 0x02: // ServerHello if (!_is_server) { std::cerr << "[QUIC-client] TLS ServerHello received, len=" << msg.size() << std::endl; } // Add to transcript (client receiving from server) _tls_transcript.insert(_tls_transcript.end(), msg.begin(), msg.end()); processServerHello(msg); break; case 0x08: // EncryptedExtensions if (!_is_server) { std::cerr << "[QUIC-client] TLS EncryptedExtensions received" << std::endl; } // Add to transcript (client receiving from server) _tls_transcript.insert(_tls_transcript.end(), msg.begin(), msg.end()); // Parse transport parameters (flow control limits, etc.) processEncryptedExtensions(msg); break; case 0x0b: // Certificate if (!_is_server) { std::cerr << "[QUIC-client] TLS Certificate received" << std::endl; } // Add to transcript (client receiving from server) _tls_transcript.insert(_tls_transcript.end(), msg.begin(), msg.end()); // Verify server certificate (simplified) break; case 0x0f: // CertificateVerify if (!_is_server) { std::cerr << "[QUIC-client] TLS CertificateVerify received" << std::endl; } // Add to transcript (client receiving from server) _tls_transcript.insert(_tls_transcript.end(), msg.begin(), msg.end()); // Verify signature (simplified) break; case 0x14: // Finished if (!_is_server) { std::cerr << "[QUIC-client] TLS Finished received" << std::endl; } processFinished(msg); // Clear transcript after Finished is processed // Transcript is no longer needed after handshake completion Loading