Module: kamailio Branch: master Commit: 328d45215514f03d2fcfd88d49e56027f2002b86 URL: https://github.com/kamailio/kamailio/commit/328d45215514f03d2fcfd88d49e56027...
Author: Henning Westerholt hw@skalatan.de Committer: Henning Westerholt hw@skalatan.de Date: 2020-03-23T12:06:26+01:00
tls: log src and dst IPs in case of protocol level errors in send/receive
- log src and dst IPs in case of protocol level errors in send/receive - to help debugging TLS errors in multi-domain/multi-dispatching scenarios
---
Modified: src/modules/tls/tls_server.c
---
Diff: https://github.com/kamailio/kamailio/commit/328d45215514f03d2fcfd88d49e56027... Patch: https://github.com/kamailio/kamailio/commit/328d45215514f03d2fcfd88d49e56027...
---
diff --git a/src/modules/tls/tls_server.c b/src/modules/tls/tls_server.c index 9ce1b5e2f3..d084aaecd3 100644 --- a/src/modules/tls/tls_server.c +++ b/src/modules/tls/tls_server.c @@ -752,6 +752,7 @@ int tls_encode_f(struct tcp_connection *c, struct tls_mbuf rd, wr; int ssl_error; char* err_src; + char ip_buf[64]; const char* buf; unsigned int len; int x; @@ -881,7 +882,15 @@ int tls_encode_f(struct tcp_connection *c, break; /* or goto end */ case SSL_ERROR_SSL: /* protocol level error */ + ERR("protocol level error\n"); TLS_ERR(err_src); + memset(ip_buf, 0, sizeof(buf)); + buf_print_ip(ip_buf, &(c->rcv.src_ip), sizeof(ip_buf)); + ERR("source IP: %s\n", ip_buf); + memset(ip_buf, 0, sizeof(buf)); + buf_print_ip(ip_buf, &(c->rcv.dst_ip), sizeof(ip_buf)); + ERR("destination IP: %s\n", ip_buf); + goto error; #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/ case SSL_ERROR_WANT_CONNECT: @@ -994,6 +1003,7 @@ int tls_read_f(struct tcp_connection* c, int* flags) struct tls_rd_buf* enc_rd_buf; int n, flush_flags; char* err_src; + char ip_buf[64]; int x; int tls_dbg;
@@ -1270,7 +1280,15 @@ int tls_read_f(struct tcp_connection* c, int* flags) goto bug; case SSL_ERROR_SSL: /* protocol level error */ + ERR("protocol level error\n"); TLS_ERR(err_src); + memset(ip_buf, 0, sizeof(ip_buf)); + buf_print_ip(ip_buf, &(c->rcv.src_ip), sizeof(ip_buf)); + ERR("source IP: %s\n", ip_buf); + memset(ip_buf, 0, sizeof(ip_buf)); + buf_print_ip(ip_buf, &(c->rcv.dst_ip), sizeof(ip_buf)); + ERR("destination IP: %s\n", ip_buf); + goto error; #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/ case SSL_ERROR_WANT_CONNECT: