[asterisk-bugs] [JIRA] (ASTERISK-27587) Asterisk webrtc con JSSIP dont close connection

VIP2PHONE INC (JIRA) noreply at issues.asterisk.org
Mon Jan 15 13:55:49 CST 2018 

VIP2PHONE INC created ASTERISK-27587:
----------------------------------------

             Summary: Asterisk webrtc con JSSIP dont close connection
                 Key: ASTERISK-27587
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27587
             Project: Asterisk
          Issue Type: Improvement
      Security Level: None
          Components: Core/HTTP
    Affects Versions: 14.6.2, 14.5.0
            Reporter: VIP2PHONE INC


Greetings, we currently have the version of Asterisk 14.5.0 implemented, we use JSSIP as the base library for the Webrct webphone, initially it works correctly with a small number of extensions, but when we use a pbx with 100 extensions the response on port 8089 tcp of webrtc denies the connections, and the connections that existed begin to be lost.

We observe in the system message:

TCP: request_sock_TCP: Possible SYN flooding on port 8089. Sending cookies. Check SNMP counters.

Log Asterisk

http.c: HTTP session count exceeded 100 sessions.

We make the adjustment in the http.conf file

sessionlimit = 500

But the message Greetings, we currently have the version of Asterisk 14.5.0 implemented, we use JSSIP as the base library for the Webrct webphone, initially it works correctly with a small amount of extensions, but when we use a pbx with 100 extensions the answer on port 8089 tcp of webrtc denies the connections, and the connections that existed begin to get lost.

We observe in the system message:

TCP: request_sock_TCP: Possible SYN flooding on port 8089. Sending cookies. Check SNMP counters.

We modify

echo "4096"> / proc / sys / net / ipv4 / tcp_max_syn_backlog

Log Asterisk

http.c: HTTP session count exceeded 100 sessions.

We make the adjustment in the http.conf file

sessionlimit = 500

The error of SYN flooding persists, I clarify that the Firewall has blocked the external traffic so the connections to port 8089 are legitimate.

I can see that when executing the command.

netstat -anp | awk '{print $ 4 "" $ 6}' | grep '8089 ESTABLISHED' | wc -l

Shows values ​​below the 100 allowed sessions.

Verifying with netstat we find that there are more than 100 sessions in CLOSE_WAIT status, and do not finish the process by gluing the sessions until the SYN flooding error in Kernel happens.

What is the recommended configuration so that this situation does not occur as it becomes recurrent.

I appreciate any configuration parameter that helps us improve this instability in the system, thanks.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list