How about the diff below?
Also, is there a plan to backport ksr_tcp_msg_data_timeout,
ksr_tcp_msg_read_timeout, and ksr_tcp_check_timer to 5.7? They can
help protect against DoS attacks that we have seen in the wild.
-- Juha
diff --git a/src/main.c b/src/main.c
index 0fa2da6ec2..f3cddf8bad 100644
--- a/src/main.c
+++ b/src/main.c
@@ -535,7 +535,7 @@ int ksr_tcp_msg_read_timeout = 20; /* timeout (secs) to read SIP
message */
int ksr_tcp_msg_data_timeout =
20; /* timeout (secs) to receive first msg data */
int ksr_tcp_accept_iplimit = 1024; /* limit of accepted connections per IP */
-int ksr_tcp_check_timer = 10; /* seconds to check tcp connections */
+int ksr_tcp_check_timer = -1; /* seconds to check tcp connections */
/* memory manager */
#define SR_MEMMNG_DEFAULT "qm"
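Review bot: The new default `-1` for `ksr_tcp_check_timer` is a sentinel, but the trailing comment still says only "seconds to check tcp connections", so nothing at the declaration tells a reader what -1 means. The main_loop hunk derives the interval from the two message timeouts when the value is -1, and registers the timer only when the result is `> 0`, so 0 and other negative values leave the check off. I would put that on the declaration, e.g. `/* secs between tcp connection checks; -1 = derive from tcp msg timeouts, <= 0 otherwise = disabled */`. The user-facing documentation of this parameter is not part of the diff and presumably needs the same wording.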
@@ -1726,12 +1726,22 @@ int main_loop(void)
cfg_main_reset_local();
#ifdef USE_TCP
- if(!tcp_disable && ksr_tcp_check_timer > 0) {
- if(sr_wtimer_add(
+ if(!tcp_disable) {
+ if(ksr_tcp_check_timer == -1) {
+ if(ksr_tcp_msg_data_timeout > 0 && ksr_tcp_msg_read_timeout > 0)
+ ksr_tcp_check_timer =
+ MIN(ksr_tcp_msg_data_timeout, ksr_tcp_msg_read_timeout) / 2;
+ else
+ ksr_tcp_check_timer = ksr_tcp_msg_data_timeout > 0 ?
+ ksr_tcp_msg_data_timeout / 2 : ksr_tcp_msg_read_timeout / 2;
+ }
+ if(ksr_tcp_check_timer > 0) {
+ if(sr_wtimer_add(
tcp_timer_check_connections, NULL, ksr_tcp_check_timer)
- < 0) {
- LM_CRIT("cannot add timer for tcp connection checks\n");
- goto error;
+ < 0) {
+ LM_CRIT("cannot add timer for tcp connection checks\n");
+ goto error;
+ }
}
}
#endif
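Review bot: The derived interval can come out as 0, because `MIN(ksr_tcp_msg_data_timeout, ksr_tcp_msg_read_timeout) / 2` and the two `/ 2` fallbacks use integer division, so a configured timeout of 1 second gives 0. The following `if(ksr_tcp_check_timer > 0)` then skips `sr_wtimer_add()` without any log line, and the connection check that enforces these timeouts never runs, which is the opposite of what an operator who set a very short timeout for DoS protection wants. A floor after the derivation avoids this: `if(ksr_tcp_check_timer <= 0 && (ksr_tcp_msg_data_timeout > 0 || ksr_tcp_msg_read_timeout > 0)) ksr_tcp_check_timer = 1;`. Bracing the multi-line `if`/`else` bodies in the derivation would also make the nesting easier to follow. main_loop() begins and continues outside this hunk, so whether anything later reads `ksr_tcp_check_timer` is not visible here.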