
tls: support to send keys log to a udp peer

Daniel-Constantin Mierla 3 days ago
parent
commit
b37f523080

+ 1 - 0
src/modules/tls/tls_domain.c

@@ -1098,6 +1098,7 @@ static void ksr_tls_keylog_callback(const SSL *ssl, const char *line)
 		LM_NOTICE("tlskeylog: %s\n", line);
 	}
 	ksr_tls_keylog_file_write(ssl, line);
+	ksr_tls_keylog_peer_send(ssl, line);
 }
 
 /**

+ 7 - 0
src/modules/tls/tls_mod.c

@@ -248,6 +248,7 @@ int ksr_tls_init_mode = 0;
 int ksr_tls_key_password_mode = 0;
 int ksr_tls_keylog_mode = 0;
 str ksr_tls_keylog_file = STR_NULL;
+str ksr_tls_keylog_peer = STR_NULL;
 
 /* clang-format off */
 /*
@@ -321,6 +322,7 @@ static param_export_t params[] = {
 	{"key_password_mode", PARAM_INT, &ksr_tls_key_password_mode},
 	{"keylog_mode", PARAM_INT, &ksr_tls_keylog_mode},
 	{"keylog_file", PARAM_STR, &ksr_tls_keylog_file},
+	{"keylog_peer", PARAM_STR, &ksr_tls_keylog_peer},
 
 	{0, 0, 0}
 };
@@ -567,6 +569,11 @@ static int mod_init(void)
 		LM_ERR("failed to init keylog file\n");
 		goto error;
 	}
+	if(ksr_tls_keylog_peer_init() < 0) {
+		LM_ERR("failed to init keylog peer\n");
+		goto error;
+	}
+
 	return 0;
 error:
 	tls_h_mod_destroy_f();
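Review bot: The new global `str ksr_tls_keylog_peer = STR_NULL;` and its `keylog_peer` parameter export carry no hint of the accepted value, while the parser added in tls_util.c rejects anything that is not a udp destination and, with the peer bit set in keylog_mode, makes mod_init fail when the value is missing. A short comment on the global, e.g. `/* udp destination (host:port) for keylog lines; required when keylog_mode has the peer bit set */`, would save operators a failed start. The exact address syntax is whatever parse_phostport accepts, so word the comment in its terms rather than guessing.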

+ 72 - 0
src/modules/tls/tls_util.c

@@ -33,14 +33,22 @@
 #include "../../core/mem/shm_mem.h"
 #include "../../core/globals.h"
 #include "../../core/dprint.h"
+#include "../../core/ip_addr.h"
+#include "../../core/socket_info.h"
+#include "../../core/udp_server.h"
+#include "../../core/forward.h"
+#include "../../core/resolve.h"
+
 #include "tls_mod.h"
 #include "tls_util.h"
 
 
 extern int ksr_tls_keylog_mode;
 extern str ksr_tls_keylog_file;
+extern str ksr_tls_keylog_peer;
 
 static gen_lock_t *ksr_tls_keylog_file_lock = NULL;
+static dest_info_t ksr_tls_keylog_peer_dst;
 
 /*
  * Make a shared memory copy of ASCII zero terminated string
@@ -168,3 +176,67 @@ int ksr_tls_keylog_file_write(const SSL *ssl, const char *line)
 	lock_release(ksr_tls_keylog_file_lock);
 	return ret;
 }
+
+
+/**
+ *
+ */
+int ksr_tls_keylog_peer_init(void)
+{
+	int proto;
+	str host;
+	int port;
+
+	if(!((ksr_tls_keylog_mode & KSR_TLS_KEYLOG_MODE_INIT)
+			   && (ksr_tls_keylog_mode & KSR_TLS_KEYLOG_MODE_PEER))) {
+		return 0;
+	}
+	if(ksr_tls_keylog_peer.s == NULL || ksr_tls_keylog_peer.len <= 0) {
+		return -1;
+	}
+	init_dest_info(&ksr_tls_keylog_peer_dst);
+	if(parse_phostport(ksr_tls_keylog_peer.s, &host.s, &host.len, &port, &proto)
+			!= 0) {
+		LM_CRIT("invalid peer addr parameter <%s>\n", ksr_tls_keylog_peer.s);
+		return -2;
+	}
+	if(proto != PROTO_UDP) {
+		LM_ERR("only udp supported in peer addr <%s>\n", ksr_tls_keylog_peer.s);
+		return -3;
+	}
+	ksr_tls_keylog_peer_dst.proto = proto;
+	if(sip_hostport2su(&ksr_tls_keylog_peer_dst.to, &host, port,
+			   &ksr_tls_keylog_peer_dst.proto)
+			!= 0) {
+		LM_ERR("failed to resolve <%s>\n", ksr_tls_keylog_peer.s);
+		return -4;
+	}
+
+	return 0;
+}
+
+/**
+ *
+ */
+int ksr_tls_keylog_peer_send(const SSL *ssl, const char *line)
+{
+	if(!((ksr_tls_keylog_mode & KSR_TLS_KEYLOG_MODE_INIT)
+			   && (ksr_tls_keylog_mode & KSR_TLS_KEYLOG_MODE_PEER))) {
+		return 0;
+	}
+
+	if(ksr_tls_keylog_peer_dst.send_sock == NULL) {
+		ksr_tls_keylog_peer_dst.send_sock =
+				get_send_socket(NULL, &ksr_tls_keylog_peer_dst.to, PROTO_UDP);
+		if(ksr_tls_keylog_peer_dst.send_sock == NULL) {
+			LM_ERR("no send socket for <%s>\n", ksr_tls_keylog_peer.s);
+			return -2;
+		}
+	}
+
+	if(udp_send(&ksr_tls_keylog_peer_dst, (char *)line, strlen(line)) < 0) {
+		LM_ERR("failed to send to <%s>\n", ksr_tls_keylog_peer.s);
+		return -1;
+	}
+	return 0;
+}
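Review bot: The `return -1` after the `ksr_tls_keylog_peer.s == NULL` check in ksr_tls_keylog_peer_init is the only failure path without its own log line, so a keylog_mode with the peer bit set but no keylog_peer value fails mod_init with only the generic "failed to init keylog peer"; add `LM_ERR("keylog_peer not set while keylog peer mode is enabled\n");` before it. Both new functions have empty `/** */` blocks: the init comment should say that keylog_peer is parsed with parse_phostport, must use udp and is resolved once at init time, and the send comment should say that every keylog line (the TLS session secrets the SSL keylog callback hands over) leaves as one unencrypted, unauthenticated UDP datagram, so keylog_peer must only point at a trusted collector reachable over a protected path. On the send side a persistently unreachable peer produces an LM_ERR for every TLS session because the callback fires per handshake; consider LM_WARN or rate limiting for the `udp_send` and `get_send_socket` failures. The `ssl` parameter of ksr_tls_keylog_peer_send is unused, which mirrors ksr_tls_keylog_file_write's signature, so a one-line mention in its doc comment is enough.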

+ 3 - 0
src/modules/tls/tls_util.h

@@ -36,6 +36,7 @@
 #define KSR_TLS_KEYLOG_MODE_ACTIVE (1 << 1)
 #define KSR_TLS_KEYLOG_MODE_MLOG (1 << 2)
 #define KSR_TLS_KEYLOG_MODE_FILE (1 << 3)
+#define KSR_TLS_KEYLOG_MODE_PEER (1 << 4)
 
 static inline int tls_err_ret(
 		char *s, SSL *ssl, tls_domains_cfg_t **tls_domains_cfg)
@@ -91,5 +92,7 @@ void tls_openssl_clear_errors(void);
 
 int ksr_tls_keylog_file_init(void);
 int ksr_tls_keylog_file_write(const SSL *ssl, const char *line);
+int ksr_tls_keylog_peer_init(void);
+int ksr_tls_keylog_peer_send(const SSL *ssl, const char *line);
 
 #endif /* _TLS_UTIL_H */
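Review bot: `KSR_TLS_KEYLOG_MODE_PEER` is added without a comment although, unlike the neighbouring bits, it has a startup side effect: together with KSR_TLS_KEYLOG_MODE_INIT it makes ksr_tls_keylog_peer_init fail module init unless keylog_peer holds a udp address. Add `/* send each keylog line to the udp peer in keylog_peer; fails init if keylog_peer is unset */` on the define. The two new prototypes could carry a one-line comment each, noting that ksr_tls_keylog_peer_init is meant to run from mod_init and that ksr_tls_keylog_peer_send currently ignores its ssl argument.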