Hello Miguel,
I had the time to do some tests and look at the code. The remove_latency
is not what you thought (and I expected the same), but the time after
which to remove an IP from internal tree if no request is received from
it during that duration -- it is this behavior from old ser era.
The IP is unblocked first time when density is not exceeded in a
sampling unit.
First time, to block the IP, it requires 3 times the density, but if it
is in memory, it is blocked when density is reached.
Now (even for 1.5), the option to keep an IP blocked for N seconds since
pike hit can be achieved using a htable with expire set to N. When pike
hits, add the ip in the hash table. Like:
# autoexpire after 5 minutes
modparam("htable", "htable", "blocked=>size=8;autoexpire=300;")
if($sht(blocked=>$si)!=$null)
{
# ip is blocked
exit;
}
if (!pike_check_req()) {
$sht(blocked=>$si) = 1;
xlog("new ip was banned $si\n");
exit;
}
Keeping it blocked only with pike would be nicer, I will have it in
mind, but not sure if is going to be in 3.1 -- maybe I find the time to
merge the two pike modules and then add this condition as well.
Cheers,
Daniel
On 9/20/10 4:34 PM, Miguel Baptista wrote:
Hi Daniel,
Here goes the log with debug=4:
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:sanity:sanity_check: all sanity checks passed
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:get_hdr_field: <To> [44]; uri=[sip:myu...@test.com]
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:maxfwd:is_maxfwd_present: value = 70
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:get_hdr_field: to body ["MyUser Akademia"
<sip:myu...@test.com>^M ]
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:pike:mark_node: search on branch 158 (top=0xb59c6030)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:get_hdr_field: cseq <CSeq>: <66> <REGISTER>
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:pike:mark_node: only first 4 were matched!
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=20
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:pike:pike_check_req: src IP [yyy.yyy.yyy.yyy],node=0xb59c6800;
hits=[2,0],[7,11] node_flags=6 func_flags=0
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=20
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:pike:remove_from_timer: 0xb59c6810 from
0xb59baa60(0xb59c6920,0xb59c6810)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=2000
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:pike:append_to_timer: 0xb59c6810 in
0xb59baa60(0xb59c6920,0xb59c6920)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:get_hdr_field: content_length=0
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:siputils:has_totag: no totag
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=ffffffffffffffff
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:grep_sock_info: checking if host==us: 11==13 &&
[test.com] == [XXX.XXX.XXX.XXX]
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:get_hdr_field: found end of header
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=8000
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:grep_sock_info: no match for: [test.com:5060]
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=40000
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:grep_aliases: comparing host [0:test.com:5060] with us
[1:sip:5060]
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=ffffffffffffffff
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:grep_aliases: comparing host [0:test.com:5060] with us
[1:sip.test.com:5060]
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:sanity:sanity_check: all sanity checks passed
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:grep_aliases: comparing host [0:test.com:5060] with us
[1:test.com:5060]
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:maxfwd:is_maxfwd_present: value = 70
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:grep_aliases: match found for: [0:test.com:5060]
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:pike:mark_node: search on branch 158 (top=0xb59c6030)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:check_self: host == me
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:pike:mark_node: only first 4 were matched!
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:parse_headers: flags=78
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:pike:pike_check_req: src IP [yyy.yyy.yyy.yyy],node=0xb59c6800;
hits=[2,0],[7,12] node_flags=14 func_flags=6
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:tm:t_lookup_request: start searching: hash=27431, isACK=0
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:pike:remove_from_timer: 0xb59c6810 from
0xb59baa60(0xb59c6810,0xb59c6920)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:tm:matching_3261: RFC3261 transaction matching failed
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:pike:append_to_timer: 0xb59c6810 in
0xb59baa60(0xb59c6920,0xb59c6920)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:tm:t_lookup_request: no transaction found
*Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: PIKE -
BLOCKing ip yyy.yyy.yyy.yyy, node=0xb59c6800 *
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: retcode
of t_check_trans is -1
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: Warning:
too many requests from yyy.yyy.yyy.yyy:5060\
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: Entered
the Register method
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=ffffffffffffffff
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: r[2]
route #2
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:check_via_address: params yyy.yyy.yyy.yyy,
yyy.yyy.yyy.yyy, 0
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: r[2]
REGISTER - src_ip=yyy.yyy.yyy.yyy from_uri=sip:myu...@test.com
to_uri=sip:test.com
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:destroy_avp_list: destroying list (nil)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:parse_headers: flags=ffffffffffffffff
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:receive_msg: cleaning up
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:check_via_address: params yyy.yyy.yyy.yyy,
yyy.yyy.yyy.yyy, 0
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:parse_headers: flags=4000
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:auth:pre_auth: credentials with given realm not found
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
r[HANDLE_REGISTER] req. missing authentication nonce
(yyy.yyy.yyy.yyy) REGISTER sip:myu...@test.com
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:auth:reserve_nonce_index: second= 18, sec_monit= 4, index= 21
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:auth:build_auth_hf: nonce index= 21
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest
realm="test.com",
nonce="4c976daa0000001585e4d53c23338f5a8a5961f42da924a6"^M '
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:sl:send_reply: reply in stateless mode (sl)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:parse_headers: flags=ffffffffffffffff
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:check_via_address: params yyy.yyy.yyy.yyy,
yyy.yyy.yyy.yyy, 0
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:destroy_avp_list: destroying list (nil)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]:
DBG:core:receive_msg: cleaning up
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_msg: SIP Request:
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_msg: method: <REGISTER>
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_msg: uri: <sip:test.com>
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_msg: version: <SIP/2.0>
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=2
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_via_param: found param type 232, <branch> =
<z9hG4bK-f2xowcc2pr58>; state=6
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_via_param: found param type 235, <rport> = <n/a>;
state=17
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_via: end of header reached, state=5
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: via found, flags=2
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: this is the first via
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:receive_msg: After parse_msg...
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:receive_msg: preparing to run routing scripts...
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: Start
main route
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=10
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_to_param: tag=i07t4f83ih
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_to: end of header reached, state=29
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_to: display={"MyUser Akademia"},
ruri={sip:myu...@test.com}
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: r[0]
REGISTER - src_ip=yyy.yyy.yyy.yyy from_uri=sip:myu...@test.com
to_uri=sip:test.com
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=78
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_to: end of header reached, state=10
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_to: display={"MyUser Akademia"},
ruri={sip:myu...@test.com}
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:get_hdr_field: <To> [44]; uri=[sip:myu...@test.com]
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:get_hdr_field: to body ["MyUser Akademia"
<sip:myu...@test.com>^M ]
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:get_hdr_field: cseq <CSeq>: <66> <REGISTER>
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=20
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=20
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=2000
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:get_hdr_field: content_length=0
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=ffffffffffffffff
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:get_hdr_field: found end of header
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=8000
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=40000
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=ffffffffffffffff
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:sanity:sanity_check: all sanity checks passed
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:maxfwd:is_maxfwd_present: value = 70
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:pike:mark_node: search on branch 158 (top=0xb59c6030)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:pike:mark_node: only first 4 were matched!
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:pike:pike_check_req: src IP [yyy.yyy.yyy.yyy],node=0xb59c6800;
hits=[2,0],[7,13] node_flags=14 func_flags=2
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:pike:remove_from_timer: 0xb59c6810 from
0xb59baa60(0xb59c6810,0xb59c6920)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]:
DBG:pike:append_to_timer: 0xb59c6810 in
0xb59baa60(0xb59c6920,0xb59c6920)
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: Warning:
too many requests from yyy.yyy.yyy.yyy:5060\
Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:parse_headers: flags=ffffffffffffffff
Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:check_via_address: params yyy.yyy.yyy.yyy,
yyy.yyy.yyy.yyy, 0
Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:destroy_avp_list: destroying list (nil)
Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]:
DBG:core:receive_msg: cleaning up
*Sep 20 16:20:36 sip /home/kamailio/sbin/kamailio[16385]: PIKE -
UNBLOCKing node 0xb59c6800 *
Any ideas?
Regards,
Miguel Baptista
On 16.09.2010 10:17, Daniel-Constantin Mierla wrote:
Hello,
can you get a verbose debug log (debug=4)?
Thanks,
Daniel
On 9/10/10 1:58 PM, MyUser Baptista wrote:
Hi All,
I'm running kamailio-1.5.4-tls and I want to enable pike module in it.
I did some test but it isn't working properly. I mean it isn't
acting according to the /remove_latancy/ parameter. When an IP
address is blocked (cause it triggered the pike module), it should
be blocked for the amount of time (seconds I presumed) defined on
the /remove_latancy /parameter, right? but it isn't
Here is my pike module config (it's just a test config)
# ---- Pike --- /* we are usign default values. We should tunning
it up */
modparam("pike", "sampling_time_unit", 30)
modparam("pike", "reqs_density_per_unit", 10)
modparam("pike", "remove_latency", 3600)
modparam("pike", "pike_log_level",-1)
and here is the output
/Sep 10 *13:33:35* sip /home/kamailio/sbin/kamailio[21414]: PIKE -
BLOCKing ip XXX.XXX.XXX.XXX, node=0xb5a2eb58
Sep 10 13:33:35 sip /home/kamailio/sbin/kamailio[21414]: Warning:
too many requests from XXX.XXX.XXX.XXX:5060
Sep 10 *13:34:12* sip /home/kamailio/sbin/kamailio[21420]: PIKE -
UNBLOCKing node 0xb5a2eb58
...
Sep 10 *13:35:22* sip /home/kamailio/sbin/kamailio[21418]: PIKE -
BLOCKing ip XXX.XXX.XXX.XXX,, node=0xb5a2eb58
Sep 10 13:35:22 sip /home/kamailio/sbin/kamailio[21418]: Warning:
too many requests from XXX.XXX.XXX.XXX,:5060
Sep 10 *13:36:12* sip /home/kamailio/sbin/kamailio[21420]: PIKE -
UNBLOCKing node 0xb5a2eb58
/
Shouldn't it be blocked for 3600 seconds?
Then I changed the /remove_latancy/ parameter to /modparam("pike",
"remove_latency", 334500) /
/
Sep 10 *13:37:09* sip /home/kamailio/sbin/kamailio[21462]: PIKE -
BLOCKing ip XXX.XXX.XXX.XXX,, node=0xb5986b90
Sep 10 13:37:09 sip /home/kamailio/sbin/kamailio[21462]: Warning:
too many requests from XXX.XXX.XXX.XXX,:5060
Sep 10 *13:37:52* sip /home/kamailio/sbin/kamailio[21466]: PIKE -
UNBLOCKing node 0xb5986b90
/
but the it didn't seem to have any real difference.
Any ideas? /
/
Best Regards,
MyUser Baptista
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://www.asipto.com
--
Daniel-Constantin Mierla
http://www.asipto.com
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
