[Asterisk-Users] Max number of connection in IAX ?

Thu May 1 13:53:20 MST 2003

On Thursday 01 May 2003 14:45, Brancaleoni Matteo wrote:
> Hi.
>
> I was wondering if there's a parameter to limit
> the number of concurrent sessions in IAX, globally or
> on a per-user basis.
>
> That could be needed for security purposes
> (to prevent dos attacks), to limit bandwidth / cpu usage, or
> to not allow more than N guest connections, for example.

Limiting the number of connections will not prevent DOS
attacks.  Consider that an IAX session may have an unlimited
length.  Now consider an attacker creating N connections,
where N is your maximum limit of connections.  The attacker
has effectively cut off your ability to place IAX calls.  In
other words, resource starvation is just as effective a DOS
attack as resource overloading.

That said, the usecnt variable in channels/chan_iax.c should
contain the current number of IAX channels.

A patch as simple as this should work:

-Tilghman

Index: channels/chan_iax.c
===================================================================
RCS file: /usr/cvsroot/asterisk/channels/chan_iax.c,v
retrieving revision 1.8
diff -u -r1.8 chan_iax.c

--- channels/chan_iax.c 27 Apr 2003 21:36:19 -0000      1.8
+++ channels/chan_iax.c 1 May 2003 20:58:03 -0000
@@ -65,6 +65,8 @@

 #define DEBUG_SUPPORT

+#define MAX_IAX_CONNECTIONS    30
+
 /* Sample over last 100 units to determine historic jitter */
 #define GAMMA (0.01)

@@ -1952,6 +1954,10 @@
                ast_setstate(tmp, state);
                ast_pthread_mutex_lock(&usecnt_lock);
                usecnt++;
+               if (usecnt > MAX_IAX_CONNECTIONS) {
+                       usecnt--;
+                       tmp = NULL;
+               }
                ast_pthread_mutex_unlock(&usecnt_lock);
                ast_update_use_count();
                if (state != AST_STATE_DOWN) {


