[Asterisk-Users] Max number of connection in IAX ?
Mark Spencer
markster at digium.com
Thu May 1 14:17:47 MST 2003
I think the ideas is restricting by per-user or per-peer.
Mark
On Thu, 1 May 2003, Tilghman Lesher wrote:
> On Thursday 01 May 2003 14:45, Brancaleoni Matteo wrote:
> > Hi.
> >
> > I was wondering if there's a parameter to limit
> > the number of concurrent sessions in IAX, globally or
> > on a per-user basis.
> >
> > That could be needed for security purposes
> > (to prevent dos attacks), to limit bandwidth / cpu usage, or
> > to not allow more than N guest connections, for example.
>
> Limiting the number of connections will not prevent DOS
> attacks. Consider that an IAX session may have an unlimited
> length. Now consider an attacker creating N connections,
> where N is your maximum limit of connections. The attacker
> has effectively cut off your ability to place IAX calls. In
> other words, resource starvation is just as effective a DOS
> attack as resource overloading.
>
> That said, the usecnt variable in channels/chan_iax.c should
> contain the current number of IAX channels.
>
> A patch as simple as this should work:
>
> -Tilghman
>
> Index: channels/chan_iax.c
> ===================================================================
> RCS file: /usr/cvsroot/asterisk/channels/chan_iax.c,v
> retrieving revision 1.8
> diff -u -r1.8 chan_iax.c
> --- channels/chan_iax.c 27 Apr 2003 21:36:19 -0000 1.8
> +++ channels/chan_iax.c 1 May 2003 20:58:03 -0000
> @@ -65,6 +65,8 @@
>
> #define DEBUG_SUPPORT
>
> +#define MAX_IAX_CONNECTIONS 30
> +
> /* Sample over last 100 units to determine historic jitter */
> #define GAMMA (0.01)
>
> @@ -1952,6 +1954,10 @@
> ast_setstate(tmp, state);
> ast_pthread_mutex_lock(&usecnt_lock);
> usecnt++;
> + if (usecnt > MAX_IAX_CONNECTIONS) {
> + usecnt--;
> + tmp = NULL;
> + }
> ast_pthread_mutex_unlock(&usecnt_lock);
> ast_update_use_count();
> if (state != AST_STATE_DOWN) {
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list