Hi,

we have found a potential bug. The pseudo variables return null for WSS connections.

Example config:
xlog("L_INFO", "<mainLogic> REGISTER: TLS or WSS detected: fU=$fU tls_version=$tls_version tls_cipher_info=$tls_cipher_info ua=$ua\n");

Log output:
Mar 7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": "ERROR", "module": "tls", "file": "tls_select.c", "line": 131, "function": "get_cur_connection", "message": "Transport protocol is not TLS (bug in config)\n" }
Mar 7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": "INFO", "module": "tls", "file": "tls_select.c", "line": 310, "function": "get_version", "message": "TLS connection not found in select_version\n" }
Mar 7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": "ERROR", "module": "tls", "file": "tls_select.c", "line": 131, "function": "get_cur_connection", "message": "Transport protocol is not TLS (bug in config)\n" }
Mar 7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": "INFO", "module": "tls", "file": "tls_select.c", "line": 201, "function": "get_cipher", "message": "TLS connection not found in select_cipher\n" }
Mar 7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": "INFO", "module": "xlog", "file": "xlog.c", "line": 278, "function": "", "message": "<mainLogic> REGISTER: TLS or WSS detected: fU=1125411e0 tls_version=<null> tls_cipher_info=<null> ua=webphone\n" }

As you can see, both tls_version and tls_cipher_info return <null> even though the underlying connection is via WSS.

We have looked into it, and it seems like get_cur_connection in modules/tls/tls_select.c only checks for TLS, but not WSS.

struct tcp_connection *get_cur_connection(struct sip_msg *msg)
{
        struct tcp_connection *c;

        if(_tls_pv_con != 0)
                return _tls_pv_con;

        if(msg->rcv.proto != PROTO_TLS) {
                ERR("Transport protocol is not TLS (bug in config)\n");
                return 0;
        }

        c = tcpconn_get(msg->rcv.proto_reserved1, 0, 0, 0,
                        cfg_get(tls, tls_cfg, con_lifetime));
        if(c && c->type != PROTO_TLS) {
                ERR("Connection found but is not TLS\n");
                tcpconn_put(c);
                return 0;
        }
        return c;
}

We think that checking for PROTO_WSS might solve the issue.


Message ID: <kamailio/kamailio/issues/4167@github.com>
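
The transport check discussed in the report, as an added, self-contained C model (not Kamailio source and not a project patch). `struct conn`, `find_conn`, `is_tls_backed`, the enum values and the sample table are constructed stand-ins, and the model assumes a WSS connection's type field also reads PROTO_WSS, which the report does not state.

```c
/* Added illustration: self-contained model with constructed stand-ins, not Kamailio source. */
#include <stdio.h>
#include <string.h>

enum proto { PROTO_UDP = 1, PROTO_TCP, PROTO_TLS, PROTO_SCTP, PROTO_WS, PROTO_WSS };
struct conn { int id; enum proto type; const char *tls_version; };

/* Constructed sample connections; assumes a WSS connection is typed PROTO_WSS. */
static struct conn conns[] = {
    {1, PROTO_TLS, "TLSv1.3"}, {2, PROTO_WSS, "TLSv1.3"},
    {3, PROTO_WS, NULL},       {4, PROTO_TCP, NULL},
};

static struct conn *find_conn(int id)
{
    size_t i;
    for (i = 0; i < sizeof(conns) / sizeof(conns[0]); i++)
        if (conns[i].id == id)
            return &conns[i];
    return NULL;
}

/* TLS and WSS (WebSocket over TLS) both run on a TLS session. */
static int is_tls_backed(enum proto p) { return p == PROTO_TLS || p == PROTO_WSS; }

/* Same two checks as the quoted function: only PROTO_TLS passes. */
const char *version_tls_only(enum proto rcv_proto, int conn_id)
{
    struct conn *c;
    if (rcv_proto != PROTO_TLS)
        return NULL;
    c = find_conn(conn_id);
    return (c && c->type == PROTO_TLS) ? c->tls_version : NULL;
}

/* Variant that also accepts PROTO_WSS; plain WS and TCP are still refused. */
const char *version_tls_or_wss(enum proto rcv_proto, int conn_id)
{
    struct conn *c;
    if (!is_tls_backed(rcv_proto))
        return NULL;
    c = find_conn(conn_id);
    return (c && is_tls_backed(c->type)) ? c->tls_version : NULL;
}

int main(void)
{
    const char *a = version_tls_only(PROTO_WSS, 2), *b = version_tls_or_wss(PROTO_WSS, 2);
    printf("WSS conn 2: tls-only=%s tls-or-wss=%s\n", a ? a : "<null>", b ? b : "<null>");
    return 0;
}
```

The second check on the connection's own type stays in place in both variants, so a message whose receive protocol says WSS but whose connection is plain WS still yields no TLS attributes.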

ChristianBergerSipgate created an issue (kamailio/kamailio#4167)
