[sr-dev] git:master:328d4521: tls: log src and dst IPs in case of protocol level errors in send/receive
Henning Westerholt
hw at skalatan.de
Mon Mar 23 12:07:52 CET 2020
Module: kamailio
Branch: master
Commit: 328d45215514f03d2fcfd88d49e56027f2002b86
URL: https://github.com/kamailio/kamailio/commit/328d45215514f03d2fcfd88d49e56027f2002b86
Author: Henning Westerholt <hw at skalatan.de>
Committer: Henning Westerholt <hw at skalatan.de>
Date: 2020-03-23T12:06:26+01:00
tls: log src and dst IPs in case of protocol level errors in send/receive
- log src and dst IPs in case of protocol level errors in send/receive
- to help debugging TLS errors in multi-domain/multi-dispatching scenarios
---
Modified: src/modules/tls/tls_server.c
---
Diff: https://github.com/kamailio/kamailio/commit/328d45215514f03d2fcfd88d49e56027f2002b86.diff
Patch: https://github.com/kamailio/kamailio/commit/328d45215514f03d2fcfd88d49e56027f2002b86.patch
---
diff --git a/src/modules/tls/tls_server.c b/src/modules/tls/tls_server.c
index 9ce1b5e2f3..d084aaecd3 100644
--- a/src/modules/tls/tls_server.c
+++ b/src/modules/tls/tls_server.c
@@ -752,6 +752,7 @@ int tls_encode_f(struct tcp_connection *c,
struct tls_mbuf rd, wr;
int ssl_error;
char* err_src;
+ char ip_buf[64];
const char* buf;
unsigned int len;
int x;
@@ -881,7 +882,15 @@ int tls_encode_f(struct tcp_connection *c,
break; /* or goto end */
case SSL_ERROR_SSL:
/* protocol level error */
+ ERR("protocol level error\n");
TLS_ERR(err_src);
+ memset(ip_buf, 0, sizeof(buf));
+ buf_print_ip(ip_buf, &(c->rcv.src_ip), sizeof(ip_buf));
+ ERR("source IP: %s\n", ip_buf);
+ memset(ip_buf, 0, sizeof(buf));
+ buf_print_ip(ip_buf, &(c->rcv.dst_ip), sizeof(ip_buf));
+ ERR("destination IP: %s\n", ip_buf);
+
goto error;
#if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/
case SSL_ERROR_WANT_CONNECT:
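Review bot: Both `memset(ip_buf, 0, sizeof(buf));` calls in the SSL_ERROR_SSL case of tls_encode_f take their size from `buf`, which the declarations in the first hunk show is a `const char*`. Only pointer-width bytes (4 or 8) of the 64-byte `ip_buf` are therefore cleared, not the whole array. If buf_print_ip does not NUL-terminate its output (its definition is not visible here), the following `ERR("source IP: %s\n", ip_buf)` could read stale stack bytes into the log, and the destination line could carry the tail of the source address. Use `memset(ip_buf, 0, sizeof(ip_buf));` in both places, as the matching tls_read_f hunk does. The enclosing switch starts and ends outside the hunk.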
@@ -994,6 +1003,7 @@ int tls_read_f(struct tcp_connection* c, int* flags)
struct tls_rd_buf* enc_rd_buf;
int n, flush_flags;
char* err_src;
+ char ip_buf[64];
int x;
int tls_dbg;
@@ -1270,7 +1280,15 @@ int tls_read_f(struct tcp_connection* c, int* flags)
goto bug;
case SSL_ERROR_SSL:
/* protocol level error */
+ ERR("protocol level error\n");
TLS_ERR(err_src);
+ memset(ip_buf, 0, sizeof(ip_buf));
+ buf_print_ip(ip_buf, &(c->rcv.src_ip), sizeof(ip_buf));
+ ERR("source IP: %s\n", ip_buf);
+ memset(ip_buf, 0, sizeof(ip_buf));
+ buf_print_ip(ip_buf, &(c->rcv.dst_ip), sizeof(ip_buf));
+ ERR("destination IP: %s\n", ip_buf);
+
goto error;
#if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/
case SSL_ERROR_WANT_CONNECT:
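Review bot: The SSL_ERROR_SSL case of tls_read_f reports one failure as several separate ERR lines (`protocol level error`, the TLS_ERR output, `source IP`, `destination IP`) with no port or connection identifier. On a multi-process server these lines can interleave with those of other workers, so the addresses cannot be reliably tied to the error they belong to. This path is reached on input from the remote peer, so each bad handshake or record also costs several ERR-level lines. Consider formatting both addresses into two buffers first and logging once, e.g. `ERR("protocol level error: src %s:%d dst %s:%d\n", src_buf, c->rcv.src_port, dst_buf, c->rcv.dst_port);`, provided the port fields are available on `c->rcv` in this tree. The same eight lines are duplicated in tls_encode_f; a small `static` helper taking `c` would keep the two copies in sync. The enclosing switch continues outside the hunk.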