From cf8c42cebc0591b7d7d3c41d6f737eb98c45a437 Mon Sep 17 00:00:00 2001
From: "SIPLABS, LLC"
Date: Thu, 12 Feb 2015 14:33:31 +0700
Subject: [PATCH] count response codes in TOTAL counter
---
 kamailio/default.cfg | 11 +++++++++++
 kamailio/rate-limiter-role.cfg | 36 ++++++++++++++++--------------------
 2 files changed, 27 insertions(+), 20 deletions(-)
diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index f204a0a..e6c6837 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -8,6 +8,7 @@ flags
 FLAG_ASSOCIATE_USER: 4,
 FLAG_TRUSTED_SOURCE: 5,
 FLAG_SESSION_PROGRESS: 6;
+ FLAG_IS_REPLY: 7;
 ####### Global Parameters #########
 fork = yes
@@ -500,6 +501,11 @@ onreply_route[EXTERNAL_REPLY]
 #!ifdef NAT-TRAVERSAL-ROLE
 route(NAT_TEST_AND_CORRECT);
 #!endif
+
+ #!ifdef RATE-LIMITER-ROLE
+ setflag(FLAG_IS_REPLY);
+ route(DOS_PREVENTION);
+ #!endif
 }
 onreply_route[INTERNAL_REPLY]
@@ -512,6 +518,11 @@ onreply_route[INTERNAL_REPLY]
 route(NAT_WEBSOCKETS_CORRECT);
 #!endif
+ #!ifdef RATE-LIMITER-ROLE
+ setflag(FLAG_IS_REPLY);
+ route(DOS_PREVENTION);
+ #!endif
+
 if (is_method("INVITE") && !isflagset(FLAG_SESSION_PROGRESS) && t_check_status("(180)|(183)|(200)")
diff --git a/kamailio/rate-limiter-role.cfg b/kamailio/rate-limiter-role.cfg
index 9f7056c..9f037b4 100644
--- a/kamailio/rate-limiter-role.cfg
+++ b/kamailio/rate-limiter-role.cfg
@@ -10,10 +10,6 @@ modparam("htable", "htable", "rate_limits=>initval=-1;autoexpire=60") # init
 #!trydef RATE_LIMIT_CODE "603"
 #!trydef IP_REGEX "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}"
-route[DOS_PREVENTION_REPLY] {
- setflag(FLAG_IS_REPLY);
- route(DOS_PREVENTION);
-}
 route[DOS_PREVENTION] {
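Review bot: In the `flags` hunk of kamailio/default.cfg the new `FLAG_IS_REPLY: 7;` is added after the context line `FLAG_SESSION_PROGRESS: 6;`, which still terminates the comma-separated list with a semicolon. As shown, the new flag sits outside the `flags` statement, so it will most likely be rejected by the config parser or leave the name undefined for the `setflag(FLAG_IS_REPLY)` calls added further down. The preceding line should become `FLAG_SESSION_PROGRESS: 6,` so that `FLAG_IS_REPLY: 7;` closes the list. The `flags` declaration begins above the hunk.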
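Review bot: In `onreply_route[INTERNAL_REPLY]` the new `route(DOS_PREVENTION);` call runs before the `is_method("INVITE") && !isflagset(FLAG_SESSION_PROGRESS)` block, and the TOTAL checks in `route[DO_DOS_PREVENTION]` (last hunk of rate-limiter-role.cfg) reach `exit;` on the reply branch too. A reply that arrives over the limit would therefore stop the reply script at this point and skip the session-progress handling that follows, while the reply itself is presumably still relayed. Placing the `#!ifdef RATE-LIMITER-ROLE` block at the end of the route, as the EXTERNAL_REPLY hunk does, or using `return;` instead of `exit;` on the reply branch, keeps the counting from changing reply handling. The route body continues past the end of the hunk.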
@@ -26,7 +22,7 @@ route[DOS_PREVENTION] {
 $var(method-value) = "\"TOTAL\"";
 # SIP methods INVITE and REGISTER have personal counters
- if ((is_method("INVITE") || is_method("REGISTER"))) {
+ if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
 $var(lrpm_realm) = $fd+"/"+$rm+"/min";
 $var(lrps_realm) = $fd+"/"+$rm+"/sec";
@@ -52,7 +48,7 @@ route[DOS_PREVENTION] {
 }
 # REALM check
- if ((is_method("INVITE") || is_method("REGISTER"))) {
+ if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
 if ($sht(rate_limits=>$var(lrpm_realm)) == -1 || $sht(rate_limits=>$var(lrps_realm)) == -1) {
 xlog("L_INFO", "$ci|RL-realm log| Can't find HASHed rate for $var(entity) with $rm method");
@@ -75,7 +71,7 @@ route[DOS_PREVENTION] {
 }
 #DEVICE check
- if ((is_method("INVITE") || is_method("REGISTER"))) {
+ if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
 if ($sht(rate_limits=>$var(lrpm_device)) == -1 || $sht(rate_limits=>$var(lrps_device)) == -1) {
 xlog("L_INFO", "$ci|RL-device log| Can't find HASHed rate for $var(entity) with $rm method");
@@ -160,7 +156,7 @@ route[DOS_PREVENTION] {
 $var(entity) = $fd;
 }
 $var(entity-type) = "realm";
- if (is_method("INVITE") || is_method("REGISTER")) {
+ if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
 $var(lrpm) = $sht(rate_limits=>$var(lrpm_realm));
 $var(lrps) = $sht(rate_limits=>$var(lrps_realm));
 }
@@ -177,7 +173,7 @@ route[DOS_PREVENTION] {
 $var(entity) = $fU+"@"+$fd;
 }
 $var(entity-type) = "device";
- if ((is_method("INVITE") || is_method("REGISTER"))) {
+ if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
 $var(lrpm) = $sht(rate_limits=>$var(lrpm_device));
 $var(lrps) = $sht(rate_limits=>$var(lrps_device));
 }
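Review bot: The test `(is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))` is now repeated in all five hunks of `route[DOS_PREVENTION]` and again in the two `route[DO_DOS_PREVENTION]` hunks at -207 and -217, so any later change to which messages get per-method counters has to be made in seven places. Evaluating it once near the top of `route[DOS_PREVENTION]`, e.g. `$var(personal) = 0;` followed by `if ((is_method("INVITE") || is_method("REGISTER")) && !isflagset(FLAG_IS_REPLY)) { $var(personal) = 1; }`, and testing `$var(personal) == 1` afterwards would keep the request-only rule in one spot. The comment above the first test should also say that replies are excluded, for example `# INVITE and REGISTER requests have personal counters; replies only feed TOTAL`. Both route bodies start and end outside these hunks.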
@@ -207,8 +203,8 @@ route[DO_DOS_PREVENTION] {
 xlog("L_INFO", "$ci|RL-$var(entity-type) log| L/C for $var(tpm) = $var(ltpm)/$sht(tpm=>$var(tpm))");
 xlog("L_INFO", "$ci|RL-$var(entity-type) log| L/C for $var(tps) = $var(ltps)/$sht(tps=>$var(tps))");
- # Personal increment for INVITE and REGISTER
- if ((is_method("INVITE") || is_method("REGISTER"))) {
+ # Personal increment just for INVITE and REGISTER
+ if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
 $sht(rpm=>$var(rpm)) = $shtinc(rpm=>$var(rpm));
 $sht(rps=>$var(rps)) = $shtinc(rps=>$var(rps));
 }
@@ -217,7 +213,7 @@ route[DO_DOS_PREVENTION] {
 $sht(tps=>$var(tps)) = $shtinc(tps=>$var(tps));
 # Personal checks for INVITE and REGISTER
- if ((is_method("INVITE") || is_method("REGISTER"))) {
+ if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
 if ($sht(rps=>$var(rps)) > $var(lrps)) {
 sl_send_reply(RATE_LIMIT_CODE, RATE_LIMIT_MESSAGE);
 xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of $rm $var(rps) rate limits: $sht(rps=>$var(rps)) > $var(lrps))");
@@ -231,21 +227,21 @@ route[DO_DOS_PREVENTION] {
 }
 # Commmon checks for ALL packet including INVITE and REGISTER
 if ($sht(tps=>$var(tps)) > $var(ltps)) {
-# if (isflagset(FLAG_IS_REPLY)) {
-# xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm::$rs $rr) $var(tps) rate limits: $sht(tps=>$var(tps)) > $var(ltps))");
-# } else {
+ if (isflagset(FLAG_IS_REPLY)) {
+ xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm::$rs $rr) $var(tps) rate limits: $sht(tps=>$var(tps)) > $var(ltps))");
+ } else {
 sl_send_reply(RATE_LIMIT_CODE, RATE_LIMIT_MESSAGE);
 xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm) $var(tps) rate limits: $sht(tps=>$var(tps)) > $var(ltps))");
-# }
+ }
 exit;
 }
 if ($sht(tpm=>$var(tpm)) > $var(ltpm)) {
-# if (isflagset(FLAG_IS_REPLY)) {
-# xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm::$rs $rr) $var(tpm) rate limits: $sht(tpm=>$var(tpm)) > $var(ltpm))");
-# } else {
+ if (isflagset(FLAG_IS_REPLY)) {
+ xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm::$rs $rr) $var(tpm) rate limits: $sht(tpm=>$var(tpm)) > $var(ltpm))");
+ } else {
 sl_send_reply(RATE_LIMIT_CODE, RATE_LIMIT_MESSAGE);
 xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm) $var(tpm) rate limits: $sht(tpm=>$var(tpm)) > $var(ltpm))");
-# }
+ }
 exit;
 }
 }
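Review bot: On the reply branch both TOTAL checks only log, yet the `tps`/`tpm` counters they test are the same ones requests are checked against, and the `$shtinc(tps=>$var(tps))` increment visible in the -217 hunk is unconditional, so every reply now consumes the entity's request budget. Since one request can draw several replies, limits sized for requests alone may start answering legitimate requests with RATE_LIMIT_CODE after this change, and each over-limit reply adds another L_INFO line. This should be documented above the check, for example `# Replies are counted and logged but never rejected; size TOTAL limits for requests plus replies`, and the configured TOTAL limits reviewed before rollout. The enclosing route starts above the hunk.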