[Asterisk-Users] Max number of connection in IAX ?

Mark Spencer markster at digium.com
Thu May 1 14:17:47 MST 2003 

I think the ideas is restricting by per-user or per-peer.

Mark

On Thu, 1 May 2003, Tilghman Lesher wrote:

> On Thursday 01 May 2003 14:45, Brancaleoni Matteo wrote:
> > Hi.
> >
> > I was wondering if there's a parameter to limit
> > the number of concurrent sessions in IAX, globally or
> > on a per-user basis.
> >
> > That could be needed for security purposes
> > (to prevent dos attacks), to limit bandwidth / cpu usage, or
> > to not allow more than N guest connections, for example.
>
> Limiting the number of connections will not prevent DOS
> attacks.  Consider that an IAX session may have an unlimited
> length.  Now consider an attacker creating N connections,
> where N is your maximum limit of connections.  The attacker
> has effectively cut off your ability to place IAX calls.  In
> other words, resource starvation is just as effective a DOS
> attack as resource overloading.
>
> That said, the usecnt variable in channels/chan_iax.c should
> contain the current number of IAX channels.
>
> A patch as simple as this should work:
>
> -Tilghman
>
> Index: channels/chan_iax.c
> ===================================================================
> RCS file: /usr/cvsroot/asterisk/channels/chan_iax.c,v
> retrieving revision 1.8
> diff -u -r1.8 chan_iax.c
> --- channels/chan_iax.c 27 Apr 2003 21:36:19 -0000      1.8
> +++ channels/chan_iax.c 1 May 2003 20:58:03 -0000
> @@ -65,6 +65,8 @@
>
>  #define DEBUG_SUPPORT
>
> +#define MAX_IAX_CONNECTIONS    30
> +
>  /* Sample over last 100 units to determine historic jitter */
>  #define GAMMA (0.01)
>
> @@ -1952,6 +1954,10 @@
>                 ast_setstate(tmp, state);
>                 ast_pthread_mutex_lock(&usecnt_lock);
>                 usecnt++;
> +               if (usecnt > MAX_IAX_CONNECTIONS) {
> +                       usecnt--;
> +                       tmp = NULL;
> +               }
>                 ast_pthread_mutex_unlock(&usecnt_lock);
>                 ast_update_use_count();
>                 if (state != AST_STATE_DOWN) {
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
>

More information about the asterisk-users mailing list