[SR-Users] catching tls errors
Daniel-Constantin Mierla
miconda at gmail.com
Wed Oct 16 16:06:32 CEST 2019
On 16.10.19 08:53, Juha Heinanen wrote:
> Yuriy Gorlichenko writes:
>
>> Looks no, because connection must be established for handling it in the
>> config file. This error fired by ssl library during Negotiation process.
>>
>> But you can try tcpdump, at least you will see Who tries to established
>> connection
> Yes, I could do that, but I would rather get the IP address to syslog so
> that I could fail2ban it.
Probably the IP address can be printed in that log message from the C
code, at that level the tcp connection structure (associated with the
tls session) should be filled in with source ip and destination ip.
Obviously it requires to patch the code -- I can do it during the next
two days, if this solution helps.
Cheers,
Daniel
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- https://asipto.com/u/kat
More information about the sr-users
mailing list