[Asterisk-Users] Max number of connection in IAX ?
Brancaleoni Matteo
mbrancaleoni at espia.it
Fri May 2 06:43:33 MST 2003
I agree. probably is the best way to prevent
any problem.
(I like the idea to limit my guest user, so
I can provide demo iax connections to all ;-) )
matteo
Il gio, 2003-05-01 alle 23:17, Mark Spencer ha scritto:
> I think the ideas is restricting by per-user or per-peer.
>
> Mark
>
> On Thu, 1 May 2003, Tilghman Lesher wrote:
>
> > On Thursday 01 May 2003 14:45, Brancaleoni Matteo wrote:
> > > Hi.
> > >
> > > I was wondering if there's a parameter to limit
> > > the number of concurrent sessions in IAX, globally or
> > > on a per-user basis.
> > >
> > > That could be needed for security purposes
> > > (to prevent dos attacks), to limit bandwidth / cpu usage, or
> > > to not allow more than N guest connections, for example.
> >
> > Limiting the number of connections will not prevent DOS
> > attacks. Consider that an IAX session may have an unlimited
> > length. Now consider an attacker creating N connections,
> > where N is your maximum limit of connections. The attacker
> > has effectively cut off your ability to place IAX calls. In
> > other words, resource starvation is just as effective a DOS
> > attack as resource overloading.
> >
> > That said, the usecnt variable in channels/chan_iax.c should
> > contain the current number of IAX channels.
> >
> > A patch as simple as this should work:
> >
> > -Tilghman
> >
> > Index: channels/chan_iax.c
> > ===================================================================
> > RCS file: /usr/cvsroot/asterisk/channels/chan_iax.c,v
> > retrieving revision 1.8
> > diff -u -r1.8 chan_iax.c
> > --- channels/chan_iax.c 27 Apr 2003 21:36:19 -0000 1.8
> > +++ channels/chan_iax.c 1 May 2003 20:58:03 -0000
> > @@ -65,6 +65,8 @@
> >
> > #define DEBUG_SUPPORT
> >
> > +#define MAX_IAX_CONNECTIONS 30
> > +
> > /* Sample over last 100 units to determine historic jitter */
> > #define GAMMA (0.01)
> >
> > @@ -1952,6 +1954,10 @@
> > ast_setstate(tmp, state);
> > ast_pthread_mutex_lock(&usecnt_lock);
> > usecnt++;
> > + if (usecnt > MAX_IAX_CONNECTIONS) {
> > + usecnt--;
> > + tmp = NULL;
> > + }
> > ast_pthread_mutex_unlock(&usecnt_lock);
> > ast_update_use_count();
> > if (state != AST_STATE_DOWN) {
> >
> > _______________________________________________
> > Asterisk-Users mailing list
> > Asterisk-Users at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> >
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list