ruhnet
/
kazoo-configs-kamailio
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 183 Wiki Activity
Browse Source

count response codes in TOTAL counter

3.20
SIPLABS, LLC 11 years ago
parent
1ec093e123
commit
cf8c42cebc
2 changed files with 27 additions and 20 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +11
    -0
      kamailio/default.cfg
  2. +16
    -20
      kamailio/rate-limiter-role.cfg

+ 11
- 0
kamailio/default.cfg View File

@ -8,6 +8,7 @@ flags
FLAG_ASSOCIATE_USER: 4,
FLAG_TRUSTED_SOURCE: 5,
FLAG_SESSION_PROGRESS: 6;
FLAG_IS_REPLY: 7;
####### Global Parameters #########
fork = yes
@ -500,6 +501,11 @@ onreply_route[EXTERNAL_REPLY]
#!ifdef NAT-TRAVERSAL-ROLE
route(NAT_TEST_AND_CORRECT);
#!endif
#!ifdef RATE-LIMITER-ROLE
setflag(FLAG_IS_REPLY);
route(DOS_PREVENTION);
#!endif
}
onreply_route[INTERNAL_REPLY]
@ -512,6 +518,11 @@ onreply_route[INTERNAL_REPLY]
route(NAT_WEBSOCKETS_CORRECT);
#!endif
#!ifdef RATE-LIMITER-ROLE
setflag(FLAG_IS_REPLY);
route(DOS_PREVENTION);
#!endif
if (is_method("INVITE") &&
!isflagset(FLAG_SESSION_PROGRESS) &&
t_check_status("(180)|(183)|(200)")


+ 16
- 20
kamailio/rate-limiter-role.cfg View File

@ -10,10 +10,6 @@ modparam("htable", "htable", "rate_limits=>initval=-1;autoexpire=60") # init
#!trydef RATE_LIMIT_CODE "603"
#!trydef IP_REGEX "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}"
route[DOS_PREVENTION_REPLY] {
setflag(FLAG_IS_REPLY);
route(DOS_PREVENTION);
}
route[DOS_PREVENTION] {
@ -26,7 +22,7 @@ route[DOS_PREVENTION] {
$var(method-value) = "\"TOTAL\"";
# SIP methods INVITE and REGISTER have personal counters
if ((is_method("INVITE") || is_method("REGISTER"))) {
if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
$var(lrpm_realm) = $fd+"/"+$rm+"/min";
$var(lrps_realm) = $fd+"/"+$rm+"/sec";
@ -52,7 +48,7 @@ route[DOS_PREVENTION] {
}
# REALM check
if ((is_method("INVITE") || is_method("REGISTER"))) {
if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
if ($sht(rate_limits=>$var(lrpm_realm)) == -1
|| $sht(rate_limits=>$var(lrps_realm)) == -1) {
xlog("L_INFO", "$ci|RL-realm log| Can't find HASHed rate for $var(entity) with $rm method");
@ -75,7 +71,7 @@ route[DOS_PREVENTION] {
}
#DEVICE check
if ((is_method("INVITE") || is_method("REGISTER"))) {
if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
if ($sht(rate_limits=>$var(lrpm_device)) == -1
|| $sht(rate_limits=>$var(lrps_device)) == -1) {
xlog("L_INFO", "$ci|RL-device log| Can't find HASHed rate for $var(entity) with $rm method");
@ -160,7 +156,7 @@ route[DOS_PREVENTION] {
$var(entity) = $fd;
}
$var(entity-type) = "realm";
if (is_method("INVITE") || is_method("REGISTER")) {
if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
$var(lrpm) = $sht(rate_limits=>$var(lrpm_realm));
$var(lrps) = $sht(rate_limits=>$var(lrps_realm));
}
@ -177,7 +173,7 @@ route[DOS_PREVENTION] {
$var(entity) = $fU+"@"+$fd;
}
$var(entity-type) = "device";
if ((is_method("INVITE") || is_method("REGISTER"))) {
if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
$var(lrpm) = $sht(rate_limits=>$var(lrpm_device));
$var(lrps) = $sht(rate_limits=>$var(lrps_device));
}
@ -207,8 +203,8 @@ route[DO_DOS_PREVENTION] {
xlog("L_INFO", "$ci|RL-$var(entity-type) log| L/C for $var(tpm) = $var(ltpm)/$sht(tpm=>$var(tpm))");
xlog("L_INFO", "$ci|RL-$var(entity-type) log| L/C for $var(tps) = $var(ltps)/$sht(tps=>$var(tps))");
# Personal increment for INVITE and REGISTER
if ((is_method("INVITE") || is_method("REGISTER"))) {
# Personal increment just for INVITE and REGISTER
if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
$sht(rpm=>$var(rpm)) = $shtinc(rpm=>$var(rpm));
$sht(rps=>$var(rps)) = $shtinc(rps=>$var(rps));
}
@ -217,7 +213,7 @@ route[DO_DOS_PREVENTION] {
$sht(tps=>$var(tps)) = $shtinc(tps=>$var(tps));
# Personal checks for INVITE and REGISTER
if ((is_method("INVITE") || is_method("REGISTER"))) {
if ((is_method("INVITE") || is_method("REGISTER")) && (!isflagset(FLAG_IS_REPLY))) {
if ($sht(rps=>$var(rps)) > $var(lrps)) {
sl_send_reply(RATE_LIMIT_CODE, RATE_LIMIT_MESSAGE);
xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of $rm $var(rps) rate limits: $sht(rps=>$var(rps)) > $var(lrps))");
@ -231,21 +227,21 @@ route[DO_DOS_PREVENTION] {
}
# Commmon checks for ALL packet including INVITE and REGISTER
if ($sht(tps=>$var(tps)) > $var(ltps)) {
# if (isflagset(FLAG_IS_REPLY)) {
# xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm::$rs $rr) $var(tps) rate limits: $sht(tps=>$var(tps)) > $var(ltps))");
# } else {
if (isflagset(FLAG_IS_REPLY)) {
xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm::$rs $rr) $var(tps) rate limits: $sht(tps=>$var(tps)) > $var(ltps))");
} else {
sl_send_reply(RATE_LIMIT_CODE, RATE_LIMIT_MESSAGE);
xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm) $var(tps) rate limits: $sht(tps=>$var(tps)) > $var(ltps))");
# }
}
exit;
}
if ($sht(tpm=>$var(tpm)) > $var(ltpm)) {
# if (isflagset(FLAG_IS_REPLY)) {
# xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm::$rs $rr) $var(tpm) rate limits: $sht(tpm=>$var(tpm)) > $var(ltpm))");
# } else {
if (isflagset(FLAG_IS_REPLY)) {
xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm::$rs $rr) $var(tpm) rate limits: $sht(tpm=>$var(tpm)) > $var(ltpm))");
} else {
sl_send_reply(RATE_LIMIT_CODE, RATE_LIMIT_MESSAGE);
xlog("L_INFO", "$ci|RL-$var(entity-type) log| Out of TOTAL($rm) $var(tpm) rate limits: $sht(tpm=>$var(tpm)) > $var(ltpm))");
# }
}
exit;
}
}

Write Preview
Loading…
Cancel
Save