Module: kamailio
Branch: master
Commit: 254d5bd652e1eb35772375d930786ee5489cebab
URL: 
https://github.com/kamailio/kamailio/commit/254d5bd652e1eb35772375d930786ee5489cebab

Author: Daniel-Constantin Mierla <mico...@gmail.com>
Committer: Daniel-Constantin Mierla <mico...@gmail.com>
Date: 2025-07-25T11:40:17+02:00

tls: added option to filter key logging

---

Modified: src/modules/tls/tls_domain.c
Modified: src/modules/tls/tls_util.c
Modified: src/modules/tls/tls_util.h

---

Diff:  
https://github.com/kamailio/kamailio/commit/254d5bd652e1eb35772375d930786ee5489cebab.diff
Patch: 
https://github.com/kamailio/kamailio/commit/254d5bd652e1eb35772375d930786ee5489cebab.patch

---

diff --git a/src/modules/tls/tls_domain.c b/src/modules/tls/tls_domain.c
index e6dbd60b502..4e2e5e76ede 100644
--- a/src/modules/tls/tls_domain.c
+++ b/src/modules/tls/tls_domain.c
@@ -1094,6 +1094,11 @@ static void ksr_tls_keylog_callback(const SSL *ssl, 
const char *line)
        if(!(ksr_tls_keylog_mode & KSR_TLS_KEYLOG_MODE_ACTIVE)) {
                return;
        }
+       if(ksr_tls_keylog_mode & KSR_TLS_KEYLOG_MODE_VFILTER) {
+               if(ksr_tls_keylog_vfilter_match(line) == 0) {
+                       return;
+               }
+       }
        if(ksr_tls_keylog_mode & KSR_TLS_KEYLOG_MODE_MLOG) {
                LM_NOTICE("tlskeylog: %s\n", line);
        }
diff --git a/src/modules/tls/tls_util.c b/src/modules/tls/tls_util.c
index 7f35540c29d..01f2a0544e4 100644
--- a/src/modules/tls/tls_util.c
+++ b/src/modules/tls/tls_util.c
@@ -152,6 +152,36 @@ int ksr_tls_keylog_file_init(void)
        return 0;
 }
 
+/**
+ *
+ */
+/* clang-format off */
+static const char *ksr_tls_keylog_vfilters[] = {
+       "CLIENT_RANDOM ",
+       "CLIENT_HANDSHAKE_TRAFFIC_SECRET ",
+       "SERVER_HANDSHAKE_TRAFFIC_SECRET ",
+       "EXPORTER_SECRET ",
+       "CLIENT_TRAFFIC_SECRET_0 ",
+       "SERVER_TRAFFIC_SECRET_0 ",
+       NULL
+};
+/* clang-format on */
+
+/**
+ *
+ */
+int ksr_tls_keylog_vfilter_match(const char *line)
+{
+       int i;
+
+       for(i = 0; ksr_tls_keylog_vfilters[i] != NULL; i++) {
+               if(strcasecmp(ksr_tls_keylog_vfilters[i], line) == 0) {
+                       return 1;
+               }
+       }
+       return 0;
+}
+
 /**
  *
  */
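Review bot: `ksr_tls_keylog_vfilter_match()` compares each table entry against the whole `line` with `strcasecmp`, so it only returns 1 when the line is exactly a label plus one space, such as `"CLIENT_RANDOM "`. Key log lines normally carry hex fields after the label, so this looks like it returns 0 for every real line. With `KSR_TLS_KEYLOG_MODE_VFILTER` set, the new check in `ksr_tls_keylog_callback()` in tls_domain.c would then suppress all key log output. The trailing space in each entry suggests a prefix match was intended: `if(strncasecmp(ksr_tls_keylog_vfilters[i], line, strlen(ksr_tls_keylog_vfilters[i])) == 0) {`. The two empty `/** * */` blocks should state that the table is an allowlist of line labels and that a return of 1 means the line is kept; if `CLIENT_EARLY_TRAFFIC_SECRET` and `EARLY_EXPORTER_SECRET` are left out on purpose, say so there.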
diff --git a/src/modules/tls/tls_util.h b/src/modules/tls/tls_util.h
index fde753e64d6..1b6be69383c 100644
--- a/src/modules/tls/tls_util.h
+++ b/src/modules/tls/tls_util.h
@@ -37,6 +37,7 @@
 #define KSR_TLS_KEYLOG_MODE_MLOG (1 << 2)
 #define KSR_TLS_KEYLOG_MODE_FILE (1 << 3)
 #define KSR_TLS_KEYLOG_MODE_PEER (1 << 4)
+#define KSR_TLS_KEYLOG_MODE_VFILTER (1 << 10)
 
 static inline int tls_err_ret(
                char *s, SSL *ssl, tls_domains_cfg_t **tls_domains_cfg)
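Review bot: `KSR_TLS_KEYLOG_MODE_VFILTER` is added without a comment and jumps from bit 4 to bit 10, so a reader of the header cannot tell what the flag does or why bits 5-9 are skipped. Since these bits appear to control where TLS secrets are written, a short comment on the define would help, for example `/* keep only key log lines whose label is listed in ksr_tls_keylog_vfilters[] */`. If the gap is meant to reserve bits 5-9 for further output sinks, state that next to the define.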
@@ -94,5 +95,6 @@ int ksr_tls_keylog_file_init(void);
 int ksr_tls_keylog_file_write(const SSL *ssl, const char *line);
 int ksr_tls_keylog_peer_init(void);
 int ksr_tls_keylog_peer_send(const SSL *ssl, const char *line);
+int ksr_tls_keylog_vfilter_match(const char *line);
 
 #endif /* _TLS_UTIL_H */
