From b84e945868a66eea8e5cfca5318791bca8330920 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Fri, 24 Feb 2017 16:03:26 +0700
Subject: [PATCH] log the encryption level of sent and received packets

---
 protocol/encryption_level.go      | 12 ++++++++++++
 protocol/encryption_level_test.go | 15 +++++++++++++++
 session.go                        | 12 ++++++++----
 3 files changed, 35 insertions(+), 4 deletions(-)
 create mode 100644 protocol/encryption_level_test.go

diff --git a/protocol/encryption_level.go b/protocol/encryption_level.go
index 088a8d24..19480b12 100644
--- a/protocol/encryption_level.go
+++ b/protocol/encryption_level.go
@@ -14,3 +14,15 @@ const (
 	// EncryptionForwardSecure is forward secure
 	EncryptionForwardSecure
 )
+
+func (e EncryptionLevel) String() string {
+	switch e {
+	case EncryptionUnencrypted:
+		return "unencrypted"
+	case EncryptionSecure:
+		return "encrypted (not forward-secure)"
+	case EncryptionForwardSecure:
+		return "forward-secure"
+	}
+	return "unknown"
+}
diff --git a/protocol/encryption_level_test.go b/protocol/encryption_level_test.go
new file mode 100644
index 00000000..12a40d06
--- /dev/null
+++ b/protocol/encryption_level_test.go
@@ -0,0 +1,15 @@
+package protocol
+
+import (
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Encryption Level", func() {
+	It("has the correct string representation", func() {
+		Expect(EncryptionUnspecified.String()).To(Equal("unknown"))
+		Expect(EncryptionUnencrypted.String()).To(Equal("unencrypted"))
+		Expect(EncryptionSecure.String()).To(Equal("encrypted (not forward-secure)"))
+		Expect(EncryptionForwardSecure.String()).To(Equal("forward-secure"))
+	})
+})
diff --git a/session.go b/session.go
index bdcbbf61..e6447d28 100644
--- a/session.go
+++ b/session.go
@@ -320,11 +320,15 @@ func (s *session) handlePacketImpl(p *receivedPacket) error {
 		s.largestRcvdPacketNumber,
 		hdr.PacketNumber,
 	)
-	if utils.Debug() {
-		utils.Debugf("<- Reading packet 0x%x (%d bytes) for connection %x @ %s", hdr.PacketNumber, len(data)+len(hdr.Raw), hdr.ConnectionID, time.Now().Format("15:04:05.000"))
-	}
 
 	packet, err := s.unpacker.Unpack(hdr.Raw, hdr, data)
+	if utils.Debug() {
+		if err != nil {
+			utils.Debugf("<- Reading packet 0x%x (%d bytes) for connection %x @ %s", hdr.PacketNumber, len(data)+len(hdr.Raw), hdr.ConnectionID, time.Now().Format("15:04:05.000"))
+		} else {
+			utils.Debugf("<- Reading packet 0x%x (%d bytes) for connection %x, %s @ %s", hdr.PacketNumber, len(data)+len(hdr.Raw), hdr.ConnectionID, packet.encryptionLevel, time.Now().Format("15:04:05.000"))
+		}
+	}
 	// if the decryption failed, this might be a packet sent by an attacker
 	// don't update the remote address
 	if quicErr, ok := err.(*qerr.QuicError); ok && quicErr.ErrorCode == qerr.DecryptionFailure {
@@ -653,7 +657,7 @@ func (s *session) logPacket(packet *packedPacket) {
 		return
 	}
 	if utils.Debug() {
-		utils.Debugf("-> Sending packet 0x%x (%d bytes) @ %s", packet.number, len(packet.raw), time.Now().Format("15:04:05.000"))
+		utils.Debugf("-> Sending packet 0x%x (%d bytes), %s, @ %s", packet.number, len(packet.raw), packet.encryptionLevel, time.Now().Format("15:04:05.000"))
 		for _, frame := range packet.frames {
 			frames.LogFrame(frame, true)
 		}