Hey Calvin,

Did you have to do anything special with OpenSSL and/or Kamailio to get LD_PRELOAD to work and send the keys to voipmonitor?

I can see the env vars are loaded correctly, but I don't see any keys being sent to the sniffer on port 1234 udp.

root@csbc03:~# ps -fe | grep kamailio
kamailio 2209068 1 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209069 2209068 0 16:33 ? 00:00:03 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209070 2209068 0 16:33 ? 00:00:03 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209071 2209068 0 16:33 ? 00:00:02 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209072 2209068 0 16:33 ? 00:00:03 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209073 2209068 0 16:33 ? 00:00:03 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209074 2209068 0 16:33 ? 00:00:03 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209075 2209068 0 16:33 ? 00:00:03 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209076 2209068 0 16:33 ? 00:00:03 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209077 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209078 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209080 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209082 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209083 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209084 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209086 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209087 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209088 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209089 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209090 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209091 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209092 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209093 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209094 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209095 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209096 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209097 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209098 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209099 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209100 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209101 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209102 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209103 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209104 2209068 0 16:33 ? 00:00:01 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209105 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209106 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209107 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209108 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209109 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209110 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209111 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209112 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209113 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209114 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209115 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209116 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209117 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209118 2209068 4 16:33 ? 00:00:15 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209119 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209120 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209121 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209122 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209123 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209124 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209125 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209126 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
kamailio 2209127 2209068 0 16:33 ? 00:00:00 /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/csbc.cfg -m 512 -M 32 --atexit=no
root 2210501 2210460 0 16:38 pts/0 00:00:00 grep kamailio
root@csbc03:~#
root@csbc03:~# cat /proc/2209068/environ
LANG=en_US.UTF-8PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binPIDFILE=/run/kamailio/kamailio.pidHOME=/run/kamailioLOGNAME=kamailioUSER=kamailioINVOCATION_ID=2ac0a49bba664c4fbe6c0f5fa7948e4eJOURNAL_STREAM=8:1641955621RUNTIME_DIRECTORY=/run/kamailioCFGFILE=/etc/kamailio/csbc.cfgSHM_MEMORY=512PKG_MEMORY=32RUN_KAMAILIO=yesGROUP=kamailioDUMP_CORE=yesSSLKEYLOG_UDP=10.2.1.19:1234LD_PRELOAD=/opt/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so /usr/lib/x86_64-linux-gnu/libssl.so.1.1 root@csbc03:~#

I tested using the command in voipmonitor docs and that seems to be ok:

root@csbc03:~# env SSLKEYLOG_UDP='10.2.1.19:1234' LD_PRELOAD="/opt/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so" openssl
* SSL KEYLOG : OK detect pointer to function SSL_new : 0x7f10d6adbd30
* SSL KEYLOG : OK detect pointer to function SSL_CTX_set_keylog_callback : 0x7f10d6adcf00
* SSL KEYLOG : log to : 10.2.1.19:1234
OpenSSL> quit
root@csbc03:~#

Does anyone have any tips on how to troubleshoot this? I know this might not be directly related to Kamailio...

Thanks,
Joel.

On Wed, Feb 28, 2024 at 11:10 AM Joel Serrano <j...@textplus.com> wrote:

> I think your plan makes total sense.
>
> Thank you for the insight.
>
> Joel.
>
> On Tue, Feb 27, 2024 at 9:28 AM Calvin E. <calv...@gmail.com> wrote:
>
>> We've been using the siptrace module with Homer to do SIP-only captures,
>> but decided to use a different approach for VoIPmonitor as it affects more
>> than just Kamailio. We're also capturing dozens of FreeSWITCH and rtpengine
>> hosts, which are all using LD_PRELOAD to log their SIP TLS and SRTP DH
>> session keys. We wanted Kamailio and the other components to focus on their
>> real jobs (calling) and let a separate process handle the capturing. This
>> gives us insight/control over any load added by the capturing, and allows
>> us to see things closer to the network perspective rather than the
>> application. It's easy to add the VoIPmonitor sniffer to any host without
>> needing each application to natively support capturing.
>>
>> I'm sure the siptrace module would have similar results, it's just not
>> part of the "homogenous deployment" approach we're taking with this project.
>>
>> On Tue, Feb 27, 2024 at 1:29 AM Joel Serrano via sr-users <sr-users@lists.kamailio.org> wrote:
>>
>>> Calvin,
>>>
>>> Voipmonitor-sniffer has support for Kamailio’s ‘siptrace’ module, but
>>> this is useful if your goal is to capture SIP over TLS traffic, I’m not
>>> sure if that is the reason you have been asked to capture the DH session
>>> keys…
>>>
>>> If that's the case, any reason you went with LD_PRELOAD method vs
>>> kamailio’s siptrace module? Using the latter you still get the sip traffic
>>> without the need of messing with OpenSSL.
>>>
>>> Mind sharing your findings?
>>>
>>> Joel.
>>>
>>> On Tue, Feb 27, 2024 at 00:18 Bastian Triller via sr-users <sr-users@lists.kamailio.org> wrote:
>>>
>>>> Some weeks ago I learned about [1]. Didn't play with it yet though.
>>>>
>>>> [1] https://medium.com/@yunwei356/ebpf-practical-tutorial-capturing-ssl-tls-plain-text-using-uprobe-fccb010cfd64
>>>>
>>>> On Tue, Feb 27, 2024, 02:08 Calvin E. via sr-users <sr-users@lists.kamailio.org> wrote:
>>>>
>>>>> This was done using the system-provided OpenSSL (Debian 12). It might
>>>>> work for tlsa, but I don't know how Kamailio would respond to LD_PRELOAD
>>>>> affecting one of its own modules.
>>>>>
>>>>> If you're curious how it works, the code is here:
>>>>> https://github.com/voipmonitor/sniffer/blob/master/tools/ssl_keylogger/sslkeylog.cpp
>>>>>
>>>>> On Fri, Feb 2, 2024 at 1:23 AM Ihor Olkhovskyi via sr-users <sr-users@lists.kamailio.org> wrote:
>>>>>
>>>>>> Calvin,
>>>>>>
>>>>>> Thanks for sharing this, just a question, do you use system-provided
>>>>>> OpenSSL or tlsa ?
>>>>>>
>>>>>> On Tue, Jan 30, 2024 at 03:00, Calvin E. via sr-users <sr-users@lists.kamailio.org> wrote:
>>>>>>
>>>>>>> It turns out the system I was on really
>>>>>>> uses /lib/systemd/system/kamailio.service, despite /etc/init.d/kamailio
>>>>>>> also existing.
>>>>>>>
>>>>>>> I was able to make it work by following the Systemd process:
>>>>>>>
>>>>>>> mkdir /etc/default/kamailio.d/
>>>>>>> edit /etc/default/kamailio.d/voipmonitor
>>>>>>> add lines:
>>>>>>> SSLKEYLOG_UDP='127.0.0.1:1234'
>>>>>>> LD_PRELOAD="/usr/local/src/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so /usr/lib/x86_64-linux-gnu/libssl.so.3"
>>>>>>>
>>>>>>> The keys are captured by the VoIPmonitor sniffer and everything
>>>>>>> works as expected from there. I'd be happy to explain further to anyone
>>>>>>> interested in this setup.
>>>>>>>
>>>>>>> On Sun, Jan 28, 2024 at 3:20 AM Sergey Safarov <s.safa...@gmail.com> wrote:
>>>>>>>
>>>>>>>> You can check this PR
>>>>>>>> https://github.com/kamailio/kamailio/pull/2785
>>>>>>>>
>>>>>>>> On Fri, Jan 26, 2024 at 8:58 PM Calvin E. via sr-users <sr-users@lists.kamailio.org> wrote:
>>>>>>>>
>>>>>>>>> I've been tasked to use LD_PRELOAD to log SSL keys for TLS
>>>>>>>>> connections using a Diffie-Hellman cipher. The first attempt did not
>>>>>>>>> work, so I wanted to sanity check whether Kamailio's TLS support is
>>>>>>>>> built in such a way that would defeat LD_PRELOAD.
>>>>>>>>>
>>>>>>>>> The instructions from the vendor are to update
>>>>>>>>> /etc/init.d/kamailio like this:
>>>>>>>>>
>>>>>>>>> env SSLKEYLOG_UDP='127.0.0.1:1234' LD_PRELOAD="/usr/local/src/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so /usr/lib/x86_64-linux-gnu/libssl.so.3" \
>>>>>>>>> start-stop-daemon --start --quiet --pidfile $PIDFILE \
>>>>>>>>> --exec $DAEMON -- $OPTIONS || log_failure_msg " already running"
>>>>>>>>>
>>>>>>>>> Is there anything special in Kamailio (5.7.3 on Debian 12) that
>>>>>>>>> would prevent this from working? Not necessarily something to defeat a
>>>>>>>>> keylogger, but maybe the way tls.so gets loaded?
>>>>>>>>>
>>>>>>>>> The only discrepancy I've noticed is the vendor docs refer
>>>>>>>>> to libssl.so.3 not libssl.so.1, but the vendor said that should be OK.
>>>>>>>>>
>>>>>>>>> I'd love to hear from someone already using VoIPmonitor
>>>>>>>>> with Diffie-Hellman ciphers and Kamailio.
>>>>>>>>>
>>>>>>>>> __________________________________________________________
>>>>>>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>>>>>> To unsubscribe send an email to sr-users-le...@lists.kamailio.org
>>>>>>>>> Important: keep the mailing list in the recipients, do not reply
>>>>>>>>> only to the sender!
>>>>>>>>> Edit mailing list options or unsubscribe:
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Ihor (Igor)
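
A check for the setup discussed in this thread, as an added example that is not part of any poster's message and not VoIPmonitor or Kamailio code: it reads a process's NUL-separated /proc/<pid>/environ and its /proc/<pid>/maps, then reports whether each LD_PRELOAD entry is actually mapped and which libssl the process loaded. The function names and both sample files are hypothetical and constructed here.

```sh
#!/bin/sh
# Added example: report the key-logging preload state of one process from its
# /proc/<pid>/environ (NUL-separated) and /proc/<pid>/maps files.

# env_get FILE NAME -> value of NAME in a NUL-separated environ file
env_get() {
    tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# mapped_libs FILE -> unique shared-object paths listed in a maps file
mapped_libs() {
    awk '$6 ~ /\.so/ { print $6 }' "$1" | sort -u
}

# preload_report ENVIRON MAPS -> one finding per line
preload_report() {
    environ=$1; maps=$2
    target=$(env_get "$environ" SSLKEYLOG_UDP)
    preload=$(env_get "$environ" LD_PRELOAD)
    echo "SSLKEYLOG_UDP=${target:-unset}"
    [ -n "$preload" ] || { echo "LD_PRELOAD=unset"; return 0; }
    # LD_PRELOAD entries are separated by spaces or colons
    for lib in $(printf '%s' "$preload" | tr ': ' '\n\n'); do
        if mapped_libs "$maps" | grep -qxF "$lib"; then
            echo "preload mapped: $lib"
        else
            echo "preload NOT mapped: $lib"
        fi
    done
    # libssl the process really mapped, to compare with the preload list
    mapped_libs "$maps" | grep '/libssl\.so' | sed 's/^/libssl mapped: /'
    return 0
}

# Constructed sample files (hypothetical; not taken from any host in the thread)
make_sample() {
    dir=$(mktemp -d)
    printf 'USER=kamailio\0SSLKEYLOG_UDP=10.2.1.19:1234\0LD_PRELOAD=%s %s\0' \
        /opt/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so \
        /usr/lib/x86_64-linux-gnu/libssl.so.1.1 > "$dir/environ"
    cat > "$dir/maps" <<'EOF'
7f0000000000-7f0000001000 r-xp 00000000 fd:01 100 /opt/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so
7f0000100000-7f0000180000 r-xp 00000000 fd:01 200 /usr/lib/x86_64-linux-gnu/libssl.so.3
EOF
    echo "$dir"
}

# Usage on a live host (as root): sh preload_report.sh <pid>
if [ "$#" -eq 1 ]; then
    preload_report "/proc/$1/environ" "/proc/$1/maps"
fi
```

Kamailio forks many workers, so the same report can be run against a worker PID as well as the master to confirm that the children carry the same environment and mappings.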