[Asterisk-Users] Max number of connection in IAX ?

Jeremy McNamara jj at indie.org
Thu May 1 14:49:55 MST 2003 

I have implemented per-user usage limits in chan_h323. 

struct oh323_peer {
    char name[80];
    ...
    int inUse;
    ...
}

And then just make sure inUse always gets properly incremented and 
decremented  :)


Jeremy McNamara


Mark Spencer wrote:

>I think the ideas is restricting by per-user or per-peer.
>
>Mark
>
>On Thu, 1 May 2003, Tilghman Lesher wrote:
>
>  
>
>>On Thursday 01 May 2003 14:45, Brancaleoni Matteo wrote:
>>    
>>
>>>Hi.
>>>
>>>I was wondering if there's a parameter to limit
>>>the number of concurrent sessions in IAX, globally or
>>>on a per-user basis.
>>>
>>>That could be needed for security purposes
>>>(to prevent dos attacks), to limit bandwidth / cpu usage, or
>>>to not allow more than N guest connections, for example.
>>>      
>>>
>>Limiting the number of connections will not prevent DOS
>>attacks.  Consider that an IAX session may have an unlimited
>>length.  Now consider an attacker creating N connections,
>>where N is your maximum limit of connections.  The attacker
>>has effectively cut off your ability to place IAX calls.  In
>>other words, resource starvation is just as effective a DOS
>>attack as resource overloading.
>>
>>That said, the usecnt variable in channels/chan_iax.c should
>>contain the current number of IAX channels.
>>
>>A patch as simple as this should work:
>>
>>-Tilghman
>>
>>Index: channels/chan_iax.c
>>===================================================================
>>RCS file: /usr/cvsroot/asterisk/channels/chan_iax.c,v
>>retrieving revision 1.8
>>diff -u -r1.8 chan_iax.c
>>--- channels/chan_iax.c 27 Apr 2003 21:36:19 -0000      1.8
>>+++ channels/chan_iax.c 1 May 2003 20:58:03 -0000
>>@@ -65,6 +65,8 @@
>>
>> #define DEBUG_SUPPORT
>>
>>+#define MAX_IAX_CONNECTIONS    30
>>+
>> /* Sample over last 100 units to determine historic jitter */
>> #define GAMMA (0.01)
>>
>>@@ -1952,6 +1954,10 @@
>>                ast_setstate(tmp, state);
>>                ast_pthread_mutex_lock(&usecnt_lock);
>>                usecnt++;
>>+               if (usecnt > MAX_IAX_CONNECTIONS) {
>>+                       usecnt--;
>>+                       tmp = NULL;
>>+               }
>>                ast_pthread_mutex_unlock(&usecnt_lock);
>>                ast_update_use_count();
>>                if (state != AST_STATE_DOWN) {
>>
>>_______________________________________________
>>Asterisk-Users mailing list
>>Asterisk-Users at lists.digium.com
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>    
>>
>
>_______________________________________________
>Asterisk-Users mailing list
>Asterisk-Users at lists.digium.com
>http://lists.digium.com/mailman/listinfo/asterisk-users
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20030501/1b2c7879/attachment.htm

More information about the asterisk-users mailing list