[sr-dev] git:master:328d4521: tls: log src and dst IPs in case of protocol level errors in send/receive

Henning Westerholt hw at skalatan.de
Mon Mar 23 12:07:52 CET 2020


Module: kamailio
Branch: master
Commit: 328d45215514f03d2fcfd88d49e56027f2002b86
URL: https://github.com/kamailio/kamailio/commit/328d45215514f03d2fcfd88d49e56027f2002b86

Author: Henning Westerholt <hw at skalatan.de>
Committer: Henning Westerholt <hw at skalatan.de>
Date: 2020-03-23T12:06:26+01:00

tls: log src and dst IPs in case of protocol level errors in send/receive

- log src and dst IPs in case of protocol level errors in send/receive
- to help debugging TLS errors in multi-domain/multi-dispatching scenarios

---

Modified: src/modules/tls/tls_server.c

---

Diff:  https://github.com/kamailio/kamailio/commit/328d45215514f03d2fcfd88d49e56027f2002b86.diff
Patch: https://github.com/kamailio/kamailio/commit/328d45215514f03d2fcfd88d49e56027f2002b86.patch

---

diff --git a/src/modules/tls/tls_server.c b/src/modules/tls/tls_server.c
index 9ce1b5e2f3..d084aaecd3 100644
--- a/src/modules/tls/tls_server.c
+++ b/src/modules/tls/tls_server.c
@@ -752,6 +752,7 @@ int tls_encode_f(struct tcp_connection *c,
 	struct tls_mbuf rd, wr;
 	int ssl_error;
 	char* err_src;
+	char ip_buf[64];
 	const char* buf;
 	unsigned int len;
 	int x;
@@ -881,7 +882,15 @@ int tls_encode_f(struct tcp_connection *c,
 				break; /* or goto end */
 			case SSL_ERROR_SSL:
 				/* protocol level error */
+				ERR("protocol level error\n");
 				TLS_ERR(err_src);
+				memset(ip_buf, 0, sizeof(buf));
+				buf_print_ip(ip_buf, &(c->rcv.src_ip), sizeof(ip_buf));
+				ERR("source IP: %s\n", ip_buf);
+				memset(ip_buf, 0, sizeof(buf));
+				buf_print_ip(ip_buf, &(c->rcv.dst_ip), sizeof(ip_buf));
+				ERR("destination IP: %s\n", ip_buf);
+
 				goto error;
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/
 			case SSL_ERROR_WANT_CONNECT:
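Review bot: Both memset calls added to the SSL_ERROR_SSL case of tls_encode_f pass `sizeof(buf)`, and `buf` is the `const char*` declared right after `ip_buf`, so only a pointer's worth of bytes (4 or 8) of the 64-byte `ip_buf` is cleared. If buf_print_ip does not NUL-terminate what it writes (its definition is not visible here), the following `%s` can read uninitialised stack bytes past the address and put them in the log. Use `memset(ip_buf, 0, sizeof(ip_buf));` on both lines, as the tls_read_f hunk already does. The body of tls_encode_f starts and ends outside this hunk.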
@@ -994,6 +1003,7 @@ int tls_read_f(struct tcp_connection* c, int* flags)
 	struct tls_rd_buf* enc_rd_buf;
 	int n, flush_flags;
 	char* err_src;
+	char ip_buf[64];
 	int x;
 	int tls_dbg;
 
@@ -1270,7 +1280,15 @@ int tls_read_f(struct tcp_connection* c, int* flags)
 			goto bug;
 		case SSL_ERROR_SSL:
 			/* protocol level error */
+			ERR("protocol level error\n");
 			TLS_ERR(err_src);
+			memset(ip_buf, 0, sizeof(ip_buf));
+			buf_print_ip(ip_buf, &(c->rcv.src_ip), sizeof(ip_buf));
+			ERR("source IP: %s\n", ip_buf);
+			memset(ip_buf, 0, sizeof(ip_buf));
+			buf_print_ip(ip_buf, &(c->rcv.dst_ip), sizeof(ip_buf));
+			ERR("destination IP: %s\n", ip_buf);
+
 			goto error;
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/
 		case SSL_ERROR_WANT_CONNECT:
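Review bot: The three ERR calls added to the SSL_ERROR_SSL case of tls_read_f (and the identical ones in tls_encode_f) write the error, the source and the destination as separate log records, so on a busy multi-process server they can interleave with other workers' output and the addresses can no longer be tied to a specific failure. Formatting both addresses first and logging once, e.g. `ERR("protocol level error, src IP: %s, dst IP: %s\n", src_buf, dst_buf);` with a second local buffer, keeps the record in one line. This path is presumably reachable by any peer that sends malformed TLS, so fewer lines per failure also limits how much log volume a remote party can generate. The body of tls_read_f starts and ends outside this hunk.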



