#### Pre-Submission Checklist

- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated)

#### Type Of Change

- [ ] Small bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

#### Checklist:

- [ ] PR should be backported to stable branches
- [ ] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)

#### Description

Added export of TLS encryption keys into the database. Later, keys can be searched and saved to a file. Key search can be done by timestamp, connection IP addresses, and port numbers. The kamcmd utility is used for key search.

You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/4339
-- Commit Summary --
* tls_tracker: added module for tls encryption key export
-- File Changes --
A src/modules/tls_tracker/Makefile (75)
A src/modules/tls_tracker/README (1)
A src/modules/tls_tracker/api.c (33)
A src/modules/tls_tracker/api.h (40)
A src/modules/tls_tracker/doc/Makefile (4)
A src/modules/tls_tracker/doc/tls_tracker.xml (117)
A src/modules/tls_tracker/tls_tracker_mod.c (1126)
A src/modules/tls_tracker/tls_tracker_mod.h (25)
A src/modules/tls_tracker/tls_tracker_rpc.c (478)
A src/modules/tls_tracker/tls_tracker_rpc.h (8)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/4339.patch
https://github.com/kamailio/kamailio/pull/4339.diff
@sergey-safarov pushed 1 commit.
f8e041a313abb515402f01dbb2b2083c63dbe1ba tls_tracker: added module for TLS encryption key export
@sergey-safarov pushed 3 commits.
1a08dad95f06b89a1d9573262d945fe7096a34d2 tls_tracker: added module for TLS encryption key export
d5a6b72f585edd05a569afa8f4fe64d9d0ca67ff tls_tracker: added sql database init files
c4327d0d7c7ad8169edfeead69b708e03bcd70f1 tls: use tls_tracker api if available
@sergey-safarov pushed 1 commit.
2b9680b11836486999edc2dab3f4dc564fa71796 http_client: use tls_tracker api if available
@sergey-safarov pushed 1 commit.
4e3483844e52703ec186eb7bf72cad39cc5b3ed6 http_client: use tls_tracker api if available
sergey-safarov left a comment (kamailio/kamailio#4339)
@xkaraman could you help me compile this module using cmake? I have added the `tls_tracker` module to the module list for compilation and get an error:

```
-- Found libphonenumber include directory: /usr/include
-- Found libphonenumber library: /usr/lib64/libphonenumber.so;/usr/lib64/libgeocoding.so
-- Module pua_rpc has already been added. Skipping...
-- PCRE2 library not found... looking with pkg-config
-- Checking for module 'libpcre2-8'
-- Found libpcre2-8, version 10.45
-- Found NETSNMP: /usr/bin/net-snmp-config
-- Found ZLIB: /usr/lib64/libz.so (found version "1.3.1")
CMake Error at src/modules/CMakeLists.txt:129 (message):
  Module directory
  /root/rpmbuild/BUILD/kamailio-6.1.0-build/kamailio-6.1.0-dev1/src/modules/tls_tracker
  does not exist.
Call Stack (most recent call first):
  src/modules/CMakeLists.txt:170 (add_module_group)
```

What is the correct fix to compile a new module?
miconda left a comment (kamailio/kamailio#4339)
Thanks for the PR!
However, I think it needs some redesign, because now it seems that it adds a mutual dependency and quite some code duplication in the modules that are updated to use the new tls_tracker module (in this PR, the tls and http_client).
IMO, the better approach is to have API functions in the tls and http_client modules that allow setting callbacks on some events and then the tls_tracker will leverage them to have its own functions executed.
Also, the additional app data stored in the SSL structure has to be made more generic. Adding fields directly to tls_extra_data that are not tls module specific is not scalable in the long term. As another note here, the values in tls_extra_data have to be in shared memory, not in private/pkg; tls connection and context structures can be accessed from many processes.
The associated tcp connection can be added to the tls_extra_data structure, being from the core and potentially useful as a common resource, but db_session_id and session_key are very specific to tls_tracker, so they have to be stored in a more generic way, so that other modules can leverage a similar mechanism without changing tls code every time.
I will think about it and try to come up with some proposal.
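
A minimal sketch of the decoupling suggested in the comment above, added here as an example and not taken from the PR, from the commenter, or from Kamailio: the TLS side exposes event callbacks plus opaque per-consumer slots, and the tracker keeps `db_session_id` behind its own slot. All type, function and event names are hypothetical, and the static pool stands in for a shared-memory allocation.

```c
/* Added sketch: every name is hypothetical, not Kamailio's tls module API. */
#define MAX_SLOTS 4  /* consumer modules that may attach data */
typedef enum { EVT_HANDSHAKE_DONE, EVT_CLOSED, EVT_COUNT } tls_evt_t;

/* Provider side: core data plus opaque slots, nothing consumer-specific. */
typedef struct tls_conn {
    int tcp_id;             /* associated tcp connection (core resource) */
    void *slot[MAX_SLOTS];  /* per-consumer data, opaque to the provider */
} tls_conn_t;
typedef void (*tls_evt_cb)(tls_conn_t *c, tls_evt_t e, int slot);
static tls_evt_cb cbs[EVT_COUNT][MAX_SLOTS];  /* one callback per consumer */
static int nslots;

int tls_slot_reserve(void) { return nslots < MAX_SLOTS ? nslots++ : -1; }

int tls_evt_register(tls_evt_t e, int slot, tls_evt_cb fn)
{
    if ((unsigned)e >= EVT_COUNT || slot < 0 || slot >= nslots || !fn)
        return -1;  /* unknown event, unreserved slot, or no callback */
    cbs[e][slot] = fn;
    return 0;
}

void tls_evt_fire(tls_conn_t *c, tls_evt_t e)  /* called by the provider */
{
    for (int s = 0; s < nslots; s++)
        if (cbs[e][s]) cbs[e][s](c, e, s);
}

/* Consumer side: the tracker keeps its own fields behind its slot. */
typedef struct { int db_session_id; } tracker_data_t;
static tracker_data_t pool[8];  /* stand-in for a shared-memory allocation */
static int pool_used;

static void tracker_cb(tls_conn_t *c, tls_evt_t e, int slot)
{
    if (e != EVT_HANDSHAKE_DONE || c->slot[slot] || pool_used >= 8)
        return;  /* wrong event, already tracked, or pool exhausted */
    pool[pool_used].db_session_id = 1000 + pool_used;  /* constructed id */
    c->slot[slot] = &pool[pool_used++];
}

int main(void)
{
    tls_conn_t c = { .tcp_id = 7 };  /* constructed connection */
    int s = tls_slot_reserve();
    tls_evt_register(EVT_HANDSHAKE_DONE, s, tracker_cb);
    tls_evt_fire(&c, EVT_HANDSHAKE_DONE);
    return c.slot[s] ? 0 : 1;
}
```

With this shape the provider struct never names a tracker field, so a second consumer only reserves another slot and registers its own callback.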
miconda left a comment (kamailio/kamailio#4339)
Also, the database table structures have to be defined in xml format inside `src/lib/srdb1/schema/`, the sql files are generated from them (with `make dbschema`). The names of the tables should be prefixed with the name of the module (or a prefix that suggests the module name), like `tls_tracker_connections` and `tls_tracker_keys` (or `tlstrack_connections`, `tlstrack_keys`).
xkaraman left a comment (kamailio/kamailio#4339)
Hey @sergey-safarov,
You seem to be missing the `CMakeLists.txt` file, see https://github.com/kamailio/kamailio/blob/master/src/modules/tls/CMakeLists.... for how to write one for it.