<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
I have implemented per-user usage limits in chan_h323. <br>
<br>
struct oh323_peer {<br>
char name[80];<br>
...<br>
int inUse;<br>
...<br>
}<br>
<br>
And then just make sure inUse always gets properly incremented and
decremented :)<br>
<br>
<br>
Jeremy McNamara<br>
<br>
<br>
Mark Spencer wrote:<br>
<blockquote type="cite"
cite="midPine.LNX.4.33.0305011617180.6902-100000@hoochie">
<pre wrap="">I think the ideas is restricting by per-user or per-peer.
Mark
On Thu, 1 May 2003, Tilghman Lesher wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On Thursday 01 May 2003 14:45, Brancaleoni Matteo wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi.
I was wondering if there's a parameter to limit
the number of concurrent sessions in IAX, globally or
on a per-user basis.
That could be needed for security purposes
(to prevent dos attacks), to limit bandwidth / cpu usage, or
to not allow more than N guest connections, for example.
</pre>
</blockquote>
<pre wrap="">Limiting the number of connections will not prevent DOS
attacks. Consider that an IAX session may have an unlimited
length. Now consider an attacker creating N connections,
where N is your maximum limit of connections. The attacker
has effectively cut off your ability to place IAX calls. In
other words, resource starvation is just as effective a DOS
attack as resource overloading.
That said, the usecnt variable in channels/chan_iax.c should
contain the current number of IAX channels.
A patch as simple as this should work:
-Tilghman
Index: channels/chan_iax.c
===================================================================
RCS file: /usr/cvsroot/asterisk/channels/chan_iax.c,v
retrieving revision 1.8
diff -u -r1.8 chan_iax.c
--- channels/chan_iax.c 27 Apr 2003 21:36:19 -0000 1.8
+++ channels/chan_iax.c 1 May 2003 20:58:03 -0000
@@ -65,6 +65,8 @@
#define DEBUG_SUPPORT
+#define MAX_IAX_CONNECTIONS 30
+
/* Sample over last 100 units to determine historic jitter */
#define GAMMA (0.01)
@@ -1952,6 +1954,10 @@
ast_setstate(tmp, state);
ast_pthread_mutex_lock(&usecnt_lock);
usecnt++;
+ if (usecnt > MAX_IAX_CONNECTIONS) {
+ usecnt--;
+ tmp = NULL;
+ }
ast_pthread_mutex_unlock(&usecnt_lock);
ast_update_use_count();
if (state != AST_STATE_DOWN) {
_______________________________________________
Asterisk-Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Asterisk-Users@lists.digium.com">Asterisk-Users@lists.digium.com</a>
<a class="moz-txt-link-freetext" href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a>
</pre>
</blockquote>
<pre wrap=""><!---->
_______________________________________________
Asterisk-Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Asterisk-Users@lists.digium.com">Asterisk-Users@lists.digium.com</a>
<a class="moz-txt-link-freetext" href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a>
</pre>
</blockquote>
<br>
</body>
</html>