[sr-dev] Re: git:master:1acede64: core: added tcp_check_timer parameter

Thu, 19 Oct 2023 03:33:50 -0700 

Looks ok for me. If you push it, then you have to update the wiki core
books section for it as well.

Cheers,
Daniel

On 19.10.23 09:14, Juha Heinanen via sr-dev wrote:
> How about the diff below?
>
> Also, is there plan to backport ksr_tcp_msg_data_timeout,
> ksr_tcp_msg_read_timeout, and ksr_tcp_check_timer to 5.7, since they can
> help in protecting from DoS attacks that we have seen in the wild.
>
> -- Juha
>
> diff --git a/src/main.c b/src/main.c
> index 0fa2da6ec2..f3cddf8bad 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -535,7 +535,7 @@ int ksr_tcp_msg_read_timeout = 20; /* timeout (secs) to 
> read SIP message */
>  int ksr_tcp_msg_data_timeout =
>               20; /* timeout (secs) to receive first msg data */
>  int ksr_tcp_accept_iplimit = 1024; /* limit of accepted connections per IP */
> -int ksr_tcp_check_timer = 10;           /* seconds to check tcp connections 
> */
> +int ksr_tcp_check_timer = -1;           /* seconds to check tcp connections 
> */
>  
>  /* memory manager */
>  #define SR_MEMMNG_DEFAULT "qm"
> @@ -1726,12 +1726,22 @@ int main_loop(void)
>               cfg_main_reset_local();
>  
>  #ifdef USE_TCP
> -             if(!tcp_disable && ksr_tcp_check_timer > 0) {
> -                     if(sr_wtimer_add(
> +             if(!tcp_disable) {
> +                     if(ksr_tcp_check_timer == -1) {
> +                             if(ksr_tcp_msg_data_timeout > 0 && 
> ksr_tcp_msg_read_timeout > 0)
> +                                     ksr_tcp_check_timer =
> +                                             MIN(ksr_tcp_msg_data_timeout, 
> ksr_tcp_msg_read_timeout) / 2;
> +                             else
> +                                     ksr_tcp_check_timer = 
> ksr_tcp_msg_data_timeout > 0 ?
> +                                             ksr_tcp_msg_data_timeout / 2 : 
> ksr_tcp_msg_read_timeout / 2;
> +                     }
> +                     if(ksr_tcp_check_timer > 0) {
> +                             if(sr_wtimer_add(
>                                          tcp_timer_check_connections, NULL, 
> ksr_tcp_check_timer)
> -                                     < 0) {
> -                             LM_CRIT("cannot add timer for tcp connection 
> checks\n");
> -                             goto error;
> +                                < 0) {
> +                                     LM_CRIT("cannot add timer for tcp 
> connection checks\n");
> +                                     goto error;
> +                             }
>                       }
>               }
>  #endif
> _______________________________________________
> Kamailio (SER) - Development Mailing List
> To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

-- 
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy and Development Services
Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com

_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

Reply via email to