Feat: Redact remote endpoint IP addresses in log messages. (#2188)

jitsi · Jul 10, 2024 · 877b6a2 · 877b6a2
1 parent d98c8b5
commit 877b6a2
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 4 deletions.
diff --git a/jvb/src/main/java/org/jitsi/videobridge/Conference.java b/jvb/src/main/java/org/jitsi/videobridge/Conference.java
@@ -224,7 +224,14 @@ public Conference(Videobridge videobridge,
                 {
                     try
                     {
-                        logger.info("RECV colibri2 request: " + XmlStringBuilderUtil.toStringOpt(request.getRequest()));
+                        logger.info( () -> {
+                            String reqStr = XmlStringBuilderUtil.toStringOpt(request.getRequest());
+                            if (VideobridgeConfig.getRedactRemoteAddresses())
+                            {
+                                reqStr = RedactColibriIp.Companion.redact(reqStr);
+                            }
+                            return "RECV colibri2 request: " + reqStr;
+                        });
                         long start = System.currentTimeMillis();
                         Pair<IQ, Boolean> p = colibri2Handler.handleConferenceModifyIQ(request.getRequest());
                         IQ response = p.getFirst();
@@ -236,8 +243,13 @@ public Conference(Videobridge videobridge,
                         request.getTotalDelayStats().addDelay(totalDelay);
                         if (processingDelay > 100)
                         {
+                            String reqStr = XmlStringBuilderUtil.toStringOpt(request.getRequest());
+                            if (VideobridgeConfig.getRedactRemoteAddresses())
+                            {
+                                reqStr = RedactColibriIp.Companion.redact(reqStr);
+                            }
                             logger.warn("Took " + processingDelay + " ms to process an IQ (total delay "
-                                    + totalDelay + " ms): " + XmlStringBuilderUtil.toStringOpt(request.getRequest()));
+                                    + totalDelay + " ms): " + reqStr);
                         }
                         logger.info("SENT colibri2 response: " + XmlStringBuilderUtil.toStringOpt(response));
                         request.getCallback().invoke(response);

diff --git a/jvb/src/main/kotlin/org/jitsi/videobridge/VideobridgeConfig.kt b/jvb/src/main/kotlin/org/jitsi/videobridge/VideobridgeConfig.kt
@@ -24,5 +24,10 @@ class VideobridgeConfig private constructor() {
         val initialDrainMode: Boolean by config {
             "videobridge.initial-drain-mode".from(JitsiConfig.newConfig)
         }
+
+        @JvmStatic
+        val redactRemoteAddresses: Boolean by config {
+            "videobridge.redact-remote-addresses".from(JitsiConfig.newConfig)
+        }
     }
 }
diff --git a/jvb/src/main/resources/application.conf b/jvb/src/main/resources/application.conf
@@ -19,4 +19,5 @@ ice4j {
       use-dynamic-ports = false
     }
   }
+  redact-remote-addresses = ${videobridge.redact-remote-addresses}
 }
diff --git a/jvb/src/main/resources/reference.conf b/jvb/src/main/resources/reference.conf
@@ -388,6 +388,9 @@ videobridge {
   # size for which the filter is enabled.
   stats-filter-threshold = 20
 
+  # Whether to redact remote endpoint IP addresses from logs
+  redact-remote-addresses = true
+
   ssrc-limit {
     # maximum number of SSRCs to send to an endpoint for video
     video = 50

diff --git a/pom.xml b/pom.xml
@@ -106,12 +106,12 @@
             <dependency>
                 <groupId>${project.groupId}</groupId>
                 <artifactId>ice4j</artifactId>
-                <version>3.0-69-ga53b402</version>
+                <version>3.0-72-g824cd4b</version>
             </dependency>
             <dependency>
                 <groupId>${project.groupId}</groupId>
                 <artifactId>jitsi-xmpp-extensions</artifactId>
-                <version>1.0-80-g0ce9883</version>
+                <version>1.0-81-g3816e5a</version>
             </dependency>
         </dependencies>
     </dependencyManagement>