[FEATURE] With ERROR:proto_wss: log the IP address

[robdyck]

Is your feature request related to a problem? Please describe.

When a proto_wss error occurs it would be helpful if the source IP address was logged. It would then enable creating a Fail2ban filter and ban the address if it repeats.

Describe the solution you'd like With other protocols it is possible to extract the source IP from the message and use xlog to pass that information to the logging facility. With proto_wss and tls generally it seems that the message isn't available to the script until the handshake completes. In the absence of wss, tls does generate a log that identifies the source IP address when the handshake fails.

For example a tls failure here identifies 205.185.123.115

``Jan 19 06:28:16 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:tls_openssl:openssl_tls_accept: New TLS connection from 205.185.123.115:53322 failed to accept

Jan 19 06:28:16 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:0A000126:SSL routines::unexpected eof while reading

Jan 19 06:28:16 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:proto_wss:wss_read_req: cannot fix read connection ``

wss example, no identifying information

``Jan 19 09:38:35 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:proto_wss:ws_parse_req_handshake: Upgrade header not present!

Jan 19 09:38:35 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:proto_wss:ws_parse_req_handshake: Connection header not present!

Jan 19 09:38:35 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:proto_wss:ws_parse_req_handshake: Origin header not present!

Jan 19 09:38:35 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:proto_wss:ws_parse_req_handshake: Sec-WebSocket-Key header not present or does not have the desired length (24)!

Jan 19 09:38:35 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:proto_wss:ws_parse_req_handshake: Sec-WebSocket-Version header not present!

Jan 19 09:38:35 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:proto_wss:ws_parse_req_handshake: Sec-WebSocket-Protocol header not present!

Jan 19 09:38:35 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:proto_wss:wss_read_req: cannot complete WebSocket handshake

Jan 19 09:38:35 slim.mylan /usr/local/sbin/opensips[1988340]: WARNING:proto_wss:ws_server_handshake: extra data on socket before handshake is completed!

Jan 19 09:38:35 slim.mylan /usr/local/sbin/opensips[1988340]: ERROR:proto_wss:wss_read_req: cannot complete WebSocket handshake ``

- Component: proto_wss

• Type: log
• Name:

Describe alternatives you've considered

[github-actions[bot]]

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

[robdyck]

I was hoping for some comment from a developer. Good idea yes/no. Probably few people have to deal with wss.

[vasilevalex]

IMHO, there is often HA-proxy, nginx or some other TCP load-balancer in front of WSS SIP. So logging of load-balancer IP-address is not very helpful.

[github-actions[bot]]

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

[razvancrainea]

I agree logging the IP might be helpful for some people. And for those who don't find it useful (i.e. what @vasilevalex's examples), I don't see any harm done logging the IP. So let's keep this feature request open.

[github-actions[bot]]

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

[github-actions[bot]]

Marking as closed due to lack of progress for more than 30 days. If this issue is still relevant, please re-open it with additional details.