fix: improve error logging with source/destination details
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Logging improvements:
- Add src_ip, src_port, dst_ip, dst_port to tlsparse error logs
- Add connection details to fingerprint error logs (conn_id, payload_len)
- Include 'unknown' placeholders for packets that fail before parsing
This helps debug issues with truncated ClientHello payloads
and identify problematic connections more easily.
Example log output:
WARN Failed to generate fingerprints
src_ip=192.168.1.10 src_port=54321 dst_ip=10.0.0.1 dst_port=443
conn_id=192.168.1.10:54321->10.0.0.1:443 payload_len=128
error="failed to parse ClientHello: extension data truncated"
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
toto
@ -167,7 +167,11 @@ func main() {
|
||||
clientHello, err := parser.Process(pkt)
|
||||
if err != nil {
|
||||
appLogger.Warn("tlsparse", "Failed to parse TLS ClientHello", map[string]string{
|
||||
"error": err.Error(),
|
||||
"error": err.Error(),
|
||||
"src_ip": "unknown",
|
||||
"src_port": "unknown",
|
||||
"dst_ip": "unknown",
|
||||
"dst_port": "unknown",
|
||||
})
|
||||
continue
|
||||
}
|
||||
@ -186,7 +190,12 @@ func main() {
|
||||
fingerprints, err := fingerprintEngine.FromClientHello(*clientHello)
|
||||
if err != nil {
|
||||
appLogger.Warn("fingerprint", "Failed to generate fingerprints", map[string]string{
|
||||
"error": err.Error(),
|
||||
"error": err.Error(),
|
||||
"src_ip": clientHello.SrcIP,
|
||||
"src_port": fmt.Sprintf("%d", clientHello.SrcPort),
|
||||
"dst_ip": clientHello.DstIP,
|
||||
"dst_port": fmt.Sprintf("%d", clientHello.DstPort),
|
||||
"conn_id": clientHello.ConnID,
|
||||
})
|
||||
continue
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user