github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(snownet): log attributes on message integrity failure (#7577)

Browse Source 
We are receiving multiple reports of message, especially error messages
from relays, where the message integrity check fails. To get more
information as to why, this patch extends this error message with the
attributes of the request and response message.
This commit is contained in:
Thomas Eizinger
2024-12-23 20:02:36 +01:00
committed by GitHub
parent d4aafcaf41
commit 1e2bab4420
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
rust/connlib/snownet/src/allocation.rs
View File

@@ -309,7 +309,14 @@ impl Allocation {
let passed_message_integrity_check = self.check_message_integrity(&message);
if message.method() != BINDING && !passed_message_integrity_check {
tracing::warn!("Message integrity check failed");
// We don't want to `remove` the message here otherwise an attacker could change our state with unauthenticated messages.
let request = self
.sent_requests
.get(&transaction_id)
.map(|(_, r, _, _, _)| r.attributes().map(display_attr).collect::<Vec<_>>());
let response = message.attributes().map(display_attr).collect::<Vec<_>>();
tracing::warn!(?request, ?response, "Message integrity check failed");
return true; // The message still indicated that it was for this `Allocation`.
}