sr-dev

sr-dev@lists.kamailio.org

17 participants
45430 discussions

[kamailio/kamailio] tls_tracker: added module for tls encriptions key export (PR #4339)
by sergey-safarov 25 Jul '25

25 Jul '25

#### Pre-Submission Checklist - [x] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist:  - [ ] PR should be backported to stable branches - [ ] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number) #### Description Added TLS encryption keys export into the database. Later keys can be searched and saved to a file. Key search can be done by timestamp, connection IP addresses, and port numbers. For key search, used kamcmd utility. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/4339 -- Commit Summary -- * tls_tracker: added module for tls encriptions key export -- File Changes -- A src/modules/tls_tracker/Makefile (75) A src/modules/tls_tracker/README (1) A src/modules/tls_tracker/api.c (33) A src/modules/tls_tracker/api.h (40) A src/modules/tls_tracker/doc/Makefile (4) A src/modules/tls_tracker/doc/tls_tracker.xml (117) A src/modules/tls_tracker/tls_tracker_mod.c (1126) A src/modules/tls_tracker/tls_tracker_mod.h (25) A src/modules/tls_tracker/tls_tracker_rpc.c (478) A src/modules/tls_tracker/tls_tracker_rpc.h (8) -- Patch Links -- https://github.com/kamailio/kamailio/pull/4339.patch https://github.com/kamailio/kamailio/pull/4339.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/4339 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/4339(a)github.com>

3 8

git:master:d3471d94: modules: readme files regenerated - tls ... [skip ci]
by Kamailio Dev 25 Jul '25

25 Jul '25

Module: kamailio Branch: master Commit: d3471d9428973843a55ae71fbe92e7ae87014955 URL: https://github.com/kamailio/kamailio/commit/d3471d9428973843a55ae71fbe92e7a… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2025-07-25T11:46:10+02:00 modules: readme files regenerated - tls ... [skip ci] --- Modified: src/modules/tls/README --- Diff: https://github.com/kamailio/kamailio/commit/d3471d9428973843a55ae71fbe92e7a… Patch: https://github.com/kamailio/kamailio/commit/d3471d9428973843a55ae71fbe92e7a… --- diff --git a/src/modules/tls/README b/src/modules/tls/README index 87b3938f7e8..eb27eee6036 100644 --- a/src/modules/tls/README +++ b/src/modules/tls/README @@ -1671,6 +1671,14 @@ verify_client = optional_no_ca * 4 (bit 3) - write keys to NOTICE log * 8 (bit 4) - write keys to file * 16 (bit 5) - send keys to udp peer + * 1024 (bit 11) - enable filtering of keys logging. When set, + filtering is done on: "CLIENT_RANDOM", + "CLIENT_HANDSHAKE_TRAFFIC_SECRET", + "SERVER_HANDSHAKE_TRAFFIC_SECRET", "EXPORTER_SECRET", + "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0" + + Bit position is the index starting from 1 (practically a non-zero value + is (2 power (bitpos - 1)) ). The default value: 0.

1 0

git:master:9d7cb360: tls: docs for filtering option for keylog_mode
by Daniel-Constantin Mierla 25 Jul '25

25 Jul '25

Module: kamailio Branch: master Commit: 9d7cb3605a602d5c6ce6f66b6c0b78adeaba2063 URL: https://github.com/kamailio/kamailio/commit/9d7cb3605a602d5c6ce6f66b6c0b78a… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2025-07-25T11:40:17+02:00 tls: docs for filtering option for keylog_mode --- Modified: src/modules/tls/doc/params.xml --- Diff: https://github.com/kamailio/kamailio/commit/9d7cb3605a602d5c6ce6f66b6c0b78a… Patch: https://github.com/kamailio/kamailio/commit/9d7cb3605a602d5c6ce6f66b6c0b78a… --- diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml index bacd5848f99..a39891f3840 100644 --- a/src/modules/tls/doc/params.xml +++ b/src/modules/tls/doc/params.xml @@ -1532,7 +1532,18 @@ verify_client = optional_no_ca <listitem> <para><emphasis>16 (bit 5)</emphasis> - send keys to udp peer</para> </listitem> + <listitem> + <para><emphasis>1024 (bit 11)</emphasis> - enable filtering of + keys logging. When set, filtering is done on: "CLIENT_RANDOM", + "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET", + "EXPORTER_SECRET", "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0" + </para> + </listitem> </itemizedlist> + <para> + Bit position is the index starting from 1 (practically a non-zero value + is (2 power (bitpos - 1)) ). + </para> <para> The default value: 0. </para>

1 0

git:master:254d5bd6: tls: added option to filter key logging
by Daniel-Constantin Mierla 25 Jul '25

25 Jul '25

Module: kamailio Branch: master Commit: 254d5bd652e1eb35772375d930786ee5489cebab URL: https://github.com/kamailio/kamailio/commit/254d5bd652e1eb35772375d930786ee… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2025-07-25T11:40:17+02:00 tls: added option to filter key logging --- Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_util.c Modified: src/modules/tls/tls_util.h --- Diff: https://github.com/kamailio/kamailio/commit/254d5bd652e1eb35772375d930786ee… Patch: https://github.com/kamailio/kamailio/commit/254d5bd652e1eb35772375d930786ee… --- diff --git a/src/modules/tls/tls_domain.c b/src/modules/tls/tls_domain.c index e6dbd60b502..4e2e5e76ede 100644 --- a/src/modules/tls/tls_domain.c +++ b/src/modules/tls/tls_domain.c @@ -1094,6 +1094,11 @@ static void ksr_tls_keylog_callback(const SSL *ssl, const char *line) if(!(ksr_tls_keylog_mode & KSR_TLS_KEYLOG_MODE_ACTIVE)) { return; } + if(ksr_tls_keylog_mode & KSR_TLS_KEYLOG_MODE_VFILTER) { + if(ksr_tls_keylog_vfilter_match(line) == 0) { + return; + } + } if(ksr_tls_keylog_mode & KSR_TLS_KEYLOG_MODE_MLOG) { LM_NOTICE("tlskeylog: %s\n", line); } diff --git a/src/modules/tls/tls_util.c b/src/modules/tls/tls_util.c index 7f35540c29d..01f2a0544e4 100644 --- a/src/modules/tls/tls_util.c +++ b/src/modules/tls/tls_util.c @@ -152,6 +152,36 @@ int ksr_tls_keylog_file_init(void) return 0; } +/** + * + */ +/* clang-format off */ +static const char *ksr_tls_keylog_vfilters[] = { + "CLIENT_RANDOM ", + "CLIENT_HANDSHAKE_TRAFFIC_SECRET ", + "SERVER_HANDSHAKE_TRAFFIC_SECRET ", + "EXPORTER_SECRET ", + "CLIENT_TRAFFIC_SECRET_0 ", + "SERVER_TRAFFIC_SECRET_0 ", + NULL +}; +/* clang-format on */ + +/** + * + */ +int ksr_tls_keylog_vfilter_match(const char *line) +{ + int i; + + for(i = 0; ksr_tls_keylog_vfilters[i] != NULL; i++) { + if(strcasecmp(ksr_tls_keylog_vfilters[i], line) == 0) { + return 1; + } + } + return 0; +} + /** * */ diff --git a/src/modules/tls/tls_util.h b/src/modules/tls/tls_util.h index fde753e64d6..1b6be69383c 100644 --- a/src/modules/tls/tls_util.h +++ b/src/modules/tls/tls_util.h @@ -37,6 +37,7 @@ #define KSR_TLS_KEYLOG_MODE_MLOG (1 << 2) #define KSR_TLS_KEYLOG_MODE_FILE (1 << 3) #define KSR_TLS_KEYLOG_MODE_PEER (1 << 4) +#define KSR_TLS_KEYLOG_MODE_VFILTER (1 << 10) static inline int tls_err_ret( char *s, SSL *ssl, tls_domains_cfg_t **tls_domains_cfg) @@ -94,5 +95,6 @@ int ksr_tls_keylog_file_init(void); int ksr_tls_keylog_file_write(const SSL *ssl, const char *line); int ksr_tls_keylog_peer_init(void); int ksr_tls_keylog_peer_send(const SSL *ssl, const char *line); +int ksr_tls_keylog_vfilter_match(const char *line); #endif /* _TLS_UTIL_H */

1 0

[kamailio/kamailio] github actions packages cleanup troubleshooting (Issue #4282)
by sergey-safarov 25 Jul '25

25 Jul '25

sergey-safarov created an issue (kamailio/kamailio#4282) I have refactored `alpine` image generation. This GitHub action works in a personal repository, but cannot clean up untagged images from the "kamailio" account. Example https://github.com/kamailio/kamailio/actions/runs/15605254192/job/439654377… @linuxmaniac do you have any idea why this can happen? -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/4282 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/4282(a)github.com>

2 1

git:5.8:e3da0839: Makefile: fix dependency of core/cfg.tab.c rule
by Victor Seva 24 Jul '25

24 Jul '25

Module: kamailio Branch: 5.8 Commit: e3da08394e6f3ae89c41c86da419e07670cbc57f URL: https://github.com/kamailio/kamailio/commit/e3da08394e6f3ae89c41c86da419e07… Author: Victor Seva <linuxmaniac(a)torreviejawireless.org> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2025-07-24T19:24:52+02:00 Makefile: fix dependency of core/cfg.tab.c rule * don't call bison twice Fix #4337 (cherry picked from commit d3e71874cf39c9ab50af293d647754bb589d0612) (cherry picked from commit 959ccfb762f1643ebfc9a57b12e8e7e0df2e7aba) --- Modified: src/Makefile --- Diff: https://github.com/kamailio/kamailio/commit/e3da08394e6f3ae89c41c86da419e07… Patch: https://github.com/kamailio/kamailio/commit/e3da08394e6f3ae89c41c86da419e07… --- diff --git a/src/Makefile b/src/Makefile index 28106b06852..bdec9afcea3 100644 --- a/src/Makefile +++ b/src/Makefile @@ -260,7 +260,8 @@ $(NAME): $(extra_objs) # static_modules core/lex.yy.c: core/cfg.lex core/cfg.tab.h $(ALLDEP) $(LEX) -o core/lex.yy.c $< -core/cfg.tab.c core/cfg.tab.h: core/cfg.y $(ALLDEP) +core/cfg.tab.c: core/cfg.tab.h +core/cfg.tab.h: core/cfg.y $(ALLDEP) $(YACC) $(YACC_FLAGS) $< nullstring=

1 0

git:6.0:959ccfb7: Makefile: fix dependency of core/cfg.tab.c rule
by Victor Seva 24 Jul '25

24 Jul '25

Module: kamailio Branch: 6.0 Commit: 959ccfb762f1643ebfc9a57b12e8e7e0df2e7aba URL: https://github.com/kamailio/kamailio/commit/959ccfb762f1643ebfc9a57b12e8e7e… Author: Victor Seva <linuxmaniac(a)torreviejawireless.org> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2025-07-24T19:24:23+02:00 Makefile: fix dependency of core/cfg.tab.c rule * don't call bison twice Fix #4337 (cherry picked from commit d3e71874cf39c9ab50af293d647754bb589d0612) --- Modified: src/Makefile --- Diff: https://github.com/kamailio/kamailio/commit/959ccfb762f1643ebfc9a57b12e8e7e… Patch: https://github.com/kamailio/kamailio/commit/959ccfb762f1643ebfc9a57b12e8e7e… --- diff --git a/src/Makefile b/src/Makefile index 4ba662535bb..744b1e15e1b 100644 --- a/src/Makefile +++ b/src/Makefile @@ -261,7 +261,8 @@ $(NAME): $(extra_objs) # static_modules core/lex.yy.c: core/cfg.lex core/cfg.tab.h $(ALLDEP) $(LEX) -o core/lex.yy.c $< -core/cfg.tab.c core/cfg.tab.h: core/cfg.y $(ALLDEP) +core/cfg.tab.c: core/cfg.tab.h +core/cfg.tab.h: core/cfg.y $(ALLDEP) $(YACC) $(YACC_FLAGS) $< nullstring=

1 0

[kamailio/kamailio] nondeterministic FTBFS on arm64: parallel build issue? (Issue #4337)
by Victor Seva 24 Jul '25

24 Jul '25

linuxmaniac created an issue (kamailio/kamailio#4337) Forwarded from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085171 ``` From: Niko Tyni <ntyni(a)debian.org> To: submit(a)bugs.debian.org Subject: kamailio: nondeterministic FTBFS on arm64: parallel build issue? Date: Tue, 15 Oct 2024 20:33:13 +0300 Source: kamailio Version: 5.8.3-1 Severity: important This package failed to build from source with Perl 5.40 on arm64, but succeeded on the second try. https://buildd.debian.org/status/package.php?p=kamailio It looks the build invokes bison multiple times on the same file, presumably sometimes corrupting the result during parallel builds as there's no locking. I doubt it's really architecture specific. Maybe disable parallel building if there's no better fix? From https://buildd.debian.org/status/fetch.php?pkg=kamailio&arch=arm64&ver=5.8.… bison -d -b core/cfg core/cfg.y bison -d -b core/cfg core/cfg.y Makefile.defs defs skipped Makefile.defs defs skipped gcc -fPIC -DPIC -pthread -DKSR_PTHREAD_MUTEX_SHARED -Wall -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DVERSION_NODATE -DNAME='"kamailio"' -DVERSION='"5.8.3"' -DARCH='"aarch64"' -DOS='linux_' -DOS_QUOTED='"linux"' -DCOMPILER='"gcc 14.2.0"' -D__CPU_aarch64 -D__OS_linux -DVERSIONVAL=5008003 -DCFG_DIR='"/etc/kamailio/"' -DSHARE_DIR='"/usr/share/kamailio/"' -DRUN_DIR='"/var/run/kamailio/"' -DPKG_MALLOC -DSHM_MMAP -DDNS_IP_HACK -DUSE_MCAST -DUSE_TCP -DDISABLE_NAGLE -DHAVE_RESOLV_RES -DUSE_DNS_CACHE -DUSE_DNS_FAILOVER -DUSE_DST_BLOCKLIST -DUSE_NAPTR -DMEM_JOIN_FREE -DF_MALLOC -DQ_MALLOC -DTLSF_MALLOC -DDBG_SR_MEMORY -DUSE_TLS -DTLS_HOOKS -DUSE_CORE_STATS -DSTATISTICS -DMALLOC_STATS -DUSE_SCTP -DNOSMP -DFAST_LOCK -DADAPTIVE_WAIT -DADAPTIVE_WAIT_LOOPS=1024 -DHAVE_GETHOSTBYNAME2 -DHAVE_UNION_SEMUN -DHAVE_SCHED_YIELD -DHAVE_MSG_NOSIGNAL -DHAVE_MSGHDR_MSG_CONTROL -DHAVE_ALLOCA_H -DHAVE_TIMEGM -DHAVE_SCHED_SETSCHEDULER -DHAVE_IP_MREQN -DUSE_RAW_SOCKS -DHAVE_EPOLL -DHAVE_SIGIO_RT -DSIGINFO64_WORKAROUND -DUSE_FUTEX -DHAVE_SELECT -DMOD_NAME='"async"' -DMOD_NAMEID='async' -c async_mod.c -o async_mod.o flex -o core/lex.yy.c core/cfg.lex gcc -pthread -DKSR_PTHREAD_MUTEX_SHARED -Wall -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DVERSION_NODATE -DNAME='"kamailio"' -DVERSION='"5.8.3"' -DARCH='"aarch64"' -DOS='linux_' -DOS_QUOTED='"linux"' -DCOMPILER='"gcc 14.2.0"' -D__CPU_aarch64 -D__OS_linux -DVERSIONVAL=5008003 -DCFG_DIR='"/etc/kamailio/"' -DSHARE_DIR='"/usr/share/kamailio/"' -DRUN_DIR='"/var/run/kamailio/"' -DPKG_MALLOC -DSHM_MMAP -DDNS_IP_HACK -DUSE_MCAST -DUSE_TCP -DDISABLE_NAGLE -DHAVE_RESOLV_RES -DUSE_DNS_CACHE -DUSE_DNS_FAILOVER -DUSE_DST_BLOCKLIST -DUSE_NAPTR -DMEM_JOIN_FREE -DF_MALLOC -DQ_MALLOC -DTLSF_MALLOC -DDBG_SR_MEMORY -DUSE_TLS -DTLS_HOOKS -DUSE_CORE_STATS -DSTATISTICS -DMALLOC_STATS -DUSE_SCTP -DNOSMP -DFAST_LOCK -DADAPTIVE_WAIT -DADAPTIVE_WAIT_LOOPS=1024 -DHAVE_GETHOSTBYNAME2 -DHAVE_UNION_SEMUN -DHAVE_SCHED_YIELD -DHAVE_MSG_NOSIGNAL -DHAVE_MSGHDR_MSG_CONTROL -DHAVE_ALLOCA_H -DHAVE_TIMEGM -DHAVE_SCHED_SETSCHEDULER -DHAVE_IP_MREQN -DUSE_RAW_SOCKS -DHAVE_EPOLL -DHAVE_SIGIO_RT -DSIGINFO64_WORKAROUND -DUSE_FUTEX -DHAVE_SELECT -c core/lex.yy.c -o core/lex.yy.o In file included from core/cfg.lex:40: core/cfg.tab.h:49: error: unterminated #ifndef 49 | #ifndef YYTOKENTYPE -- Niko Tyni ntyni(a)debian.org ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/4337 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/4337(a)github.com>

1 1

git:master:d3e71874: Makefile: fix dependency of core/cfg.tab.c rule
by Victor Seva 24 Jul '25

24 Jul '25

Module: kamailio Branch: master Commit: d3e71874cf39c9ab50af293d647754bb589d0612 URL: https://github.com/kamailio/kamailio/commit/d3e71874cf39c9ab50af293d647754b… Author: Victor Seva <linuxmaniac(a)torreviejawireless.org> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2025-07-24T19:20:33+02:00 Makefile: fix dependency of core/cfg.tab.c rule * don't call bison twice Fix #4337 --- Modified: src/Makefile --- Diff: https://github.com/kamailio/kamailio/commit/d3e71874cf39c9ab50af293d647754b… Patch: https://github.com/kamailio/kamailio/commit/d3e71874cf39c9ab50af293d647754b… --- diff --git a/src/Makefile b/src/Makefile index 53c511e4c0e..789e35b55d2 100644 --- a/src/Makefile +++ b/src/Makefile @@ -261,7 +261,8 @@ $(NAME): $(extra_objs) # static_modules core/lex.yy.c: core/cfg.lex core/cfg.tab.h $(ALLDEP) $(LEX) -o core/lex.yy.c $< -core/cfg.tab.c core/cfg.tab.h: core/cfg.y $(ALLDEP) +core/cfg.tab.c: core/cfg.tab.h +core/cfg.tab.h: core/cfg.y $(ALLDEP) $(YACC) $(YACC_FLAGS) $< nullstring=

1 0

[kamailio/kamailio] Dispatcher: ds_is_from_list() only checks first record when doing DNS lookup (Issue #4338)
by Anton Olofsson 24 Jul '25

24 Jul '25

olofssonanton created an issue (kamailio/kamailio#4338) Here in `ds_is_addr_from_set`, `he->h_addr_list` may contain more than one address, but only the first address (as seen by the third argument, `addr_no`) is stored and later used for comparison. https://github.com/kamailio/kamailio/blob/91472b8d1015ace7c40c052a19913d384… https://github.com/kamailio/kamailio/blob/91472b8d1015ace7c40c052a19913d384… If a request is from any other address than the first in the resolved `hostent` address list, `ds_is_from_list` will give a false negative. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/4338 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/4338(a)github.com>

1 0

← Newer
1
2
3
4
5
6
7
8
...
4543
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev